CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9441 – Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-9441
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de CSRF en el plugin Lightbox Photo Gallery 1.0 para WordPress permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian las configuraciones de plugins a través de vectores no especificados o realizan ataques de XSS a través de del parámetro (2) ll__opt[image2_url] o (3) ll__opt[image3_url] en una acción ll_save_settings en wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/129507 https://exchange.xforce.ibmcloud.com/vulnerabilities/99490 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2014-6315 – Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6315
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Web-Dorado Photo Gallery 1.1.30 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) callback, (2) dir, o (3) extensions en una acción addImages en wp-admin/admin-ajax.php. WordPress Photo Gallery plugin version 1.1.30 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html http://secunia.com/advisories/61649 http://www.securityfocus.com/archive/1/533595/100/0/threaded http://www.securityfocus.com/bid/70204 https://exchange.xforce.ibmcloud.com/vulnerabilities/96799 https://plugins.trac.wordpress.org/changeset?new=986500 https://www.htbridge.com/advisory/HTB23232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-4529 – Flash Photo Gallery <= 0.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4529
Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. Vulnerabilidad de XSS en fpg_preview.php en el plugin Flash Photo Gallery 0.7 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path. • http://codevigilant.com/disclosure/wp-plugin-flash-photo-gallery-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1525
https://notcve.org/view.php?id=CVE-2003-1525
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors. • http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html http://www.securityfocus.com/bid/8872 https://exchange.xforce.ibmcloud.com/vulnerabilities/13498 •