CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000153 – Tidio Gallery <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000153
Reflected XSS in wordpress plugin tidio-gallery v1.1 Vulnerabilidad de XSS reflejada en el plugin de wordpress tidio-gallery v1.1 Reflected XSS in wordpress plugin tidio-gallery v1.1 via galleryId parameter. • http://www.securityfocus.com/bid/93543 http://www.vapidlabs.com/wp/wp_advisory.php?v=427 https://wordpress.org/plugins/tidio-gallery • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 4CVE-2015-7527 – Cool Video Gallery <= 1.9 - Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2015-7527
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. lib/core.php en el plugin Cool Video Gallery 1.9 para WordPress permite a atacantes remotos ejecutar código arbitrario a través de meta carácteres shell en el 'Ancho de la imagen de vista previa' y posiblemente en otros campos de entrada en la página 'Video Gallery Settings'. WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability. • http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html http://www.openwall.com/lists/oss-security/2015/12/02/9 http://www.securityfocus.com/archive/1/537051/100/0/threaded http://www.vapidlabs.com/advisory.php?v=158 https://wordpress.org/support/topic/command-injection-vulnerability-in-v19 https://wpvulndb.com/vulnerabilities/8348 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-6528
https://notcve.org/view.php?id=CVE-2015-6528
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. Múltiples vulnerabilidades de XSS en install_classic.php en Coppermine Photo Gallery (CPG) 1.5.36, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix o (9) impath. • http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9327 – Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9327
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. El plugin flickr-justified-gallery anterior a la versión de 3.4.0 para WordPress tiene XSS. The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/flickr-justified-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1000007 – wptf-image-gallery <= 1.0.3 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2015-1000007
Remote file download vulnerability in wptf-image-gallery v1.03 Vulnerabilidad de descarga de archivo remoto en wptf-image-gallery v1.03 The wptf-image-gallery plugin for WordPress is vulnerable to Arbitrary File Downloads in versions up to, and including, 1.0.3 via the './wptf-image-gallery/lib-mbox/ajax_load.php' file. This makes it possible for unauthenticated attackers to download sensitive files from the vulnerable system. • http://www.vapidlabs.com/advisory.php?v=148 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •