Vulnerability Details CVE-2014-3123
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.7%
CVSS Severity
CVSS v2 Score 2.1
References
- http://secunia.com/advisories/58031
- http://www.securityfocus.com/bid/67085
- http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13
- https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog
- http://secunia.com/advisories/58031
- http://www.securityfocus.com/bid/67085
- http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13
- https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog
Products affected by CVE-2014-3123
-
cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.14
-
cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.15
-
cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.16
-
cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.17