CVSS: 6.4 | EPSS: 0% | CPEs: 32 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.

• http://secunia.com/advisories/57746
• http://wordpress.org/plugins/lazyest-gallery/changelog
• http://www.securityfocus.com/bid/66756
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92598

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.

The Lazyest Backup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'xml_or_all' parameter found in the lazyest-backup.php file in versions up to 0.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

• http://plugins.trac.wordpress.org/changeset?reponame=&new=470737%40lazyest-backup&old=468541%40lazyest-backup
• http://secunia.com/advisories/47092
• http://wordpress.org/extend/plugins/lazyest-backup/changelog
• http://www.osvdb.org/77493
• http://www.securityfocus.com/bid/50900
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71650

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')