Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7175

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-7175
Last Modified 05 Oct 2009 12:00:00
Published 08 Sep 2009 06:30:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7175

Summary

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

Vulnerable Systems

Application

  • Alex Rabe Nextgen Gallery 0.33

  • Alex Rabe Nextgen Gallery 0.34

  • Alex Rabe Nextgen Gallery 0.35

  • Alex Rabe Nextgen Gallery 0.36

  • Alex Rabe Nextgen Gallery 0.37

  • Alex Rabe Nextgen Gallery 0.39

  • Alex Rabe Nextgen Gallery 0.40

  • Alex Rabe Nextgen Gallery 0.41

  • Alex Rabe Nextgen Gallery 0.42

  • Alex Rabe Nextgen Gallery 0.43

  • Alex Rabe Nextgen Gallery 0.50

  • Alex Rabe Nextgen Gallery 0.51

  • Alex Rabe Nextgen Gallery 0.52

  • Alex Rabe Nextgen Gallery 0.60

  • Alex Rabe Nextgen Gallery 0.61

  • Alex Rabe Nextgen Gallery 0.62

  • Alex Rabe Nextgen Gallery 0.63

  • Alex Rabe Nextgen Gallery 0.64

  • Alex Rabe Nextgen Gallery 0.70

  • Alex Rabe Nextgen Gallery 0.71

  • Alex Rabe Nextgen Gallery 0.72

  • Alex Rabe Nextgen Gallery 0.73

  • Alex Rabe Nextgen Gallery 0.74

  • Alex Rabe Nextgen Gallery 0.80

  • Alex Rabe Nextgen Gallery 0.81

  • Alex Rabe Nextgen Gallery 0.82

  • Alex Rabe Nextgen Gallery 0.83

  • Alex Rabe Nextgen Gallery 0.90

  • Alex Rabe Nextgen Gallery 0.91

  • Alex Rabe Nextgen Gallery 0.92

  • Alex Rabe Nextgen Gallery 0.93

  • Alex Rabe Nextgen Gallery 0.94

  • Alex Rabe Nextgen Gallery 0.95

  • Alex Rabe Nextgen Gallery 0.96


References

BUGTRAQ - 20080608 XSS - NEXTGEN GALLERY 0.96 WORDPRESS PLUGIN

OSVDB - 51428


Last Updated: 27 May 2016 10:49:30