Cross-Site Scripting in NextGEN Gallery Plugin for WordPress
CVE-2010-1186

Currently unrated

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 7 April 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the NextGEN Gallery plugin for WordPress prior to version 1.5.2. This flaw enables remote attackers to inject malicious web scripts or HTML into the affected site through the 'mode' parameter in the xml/media-rss.php file. Successful exploitation could lead to the execution of arbitrary scripts in the context of the user's browser, potentially compromising user data or executing unauthorized actions.

References

http://www.exploit-db.com/exploits/12098

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/39341

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/39250

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 7, 2010
Vulnerability Reserved
Mar 30, 2010