CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-8758 – Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8758
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. Una vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Best Gallery Albums en versiones anteriores a la 3.0.70 para WordPress permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro order_id en la página gallery_album_sorting a wp-admin/admin.php. Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. • https://g0blin.co.uk/cve-2014-8758 https://wpvulndb.com/vulnerabilities/8236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •