Cross-Site Scripting in NextGEN Gallery Plugin for WordPress
CVE-2008-7175

Currently unrated

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 8 September 2009

Summary

The NextGEN Gallery plugin for WordPress contains a Cross-Site Scripting (XSS) vulnerability in the admin interface. This flaw allows remote attackers to inject arbitrary HTML or JavaScript code into the picture description field during page editing. When exploited, this vulnerability could lead to unauthorized actions on behalf of the users who visit the compromised page, jeopardizing the security of their sessions and sensitive information.

References

http://osvdb.org/51428

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/493182/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Sep 7, 2009