CVSS: 6.1EPSS: 0%CPEs: 105EXPL: 0CVE-2013-3261 – Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-3261
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en wp-admin/admin.php en el complemnto GRAND FlAGallery anteriores a v2.72 para WordPress permite a a atacantes remotos a inyectar secuencias de comandos Web o HTML a través del parámetro s en una acción flag-manage-gallery. • http://secunia.com/advisories/53111 http://wordpress.org/plugins/flash-album-gallery/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •