Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3123

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2014-3123
Last Modified 09 May 2014 01:29:00
Published 08 May 2014 10:29:15
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2014-3123

Summary

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.

Vulnerable Systems

Application

  • Wpgetready Nextcellent Gallery 1.9.14

  • Wpgetready Nextcellent Gallery 1.9.15

  • Wpgetready Nextcellent Gallery 1.9.16

  • Wpgetready Nextcellent Gallery 1.9.17


References

CONFIRM - https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog

MISC - http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13

BID - 67085

SECUNIA - 58031


Last Updated: 27 May 2016 11:05:16