CVE-2015-9537

The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
References
Link Resource
https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html Exploit Third Party Advisory
https://github.com/cybersecurityworks/Disclosed/issues/1 Exploit Third Party Advisory
https://wordpress.org/plugins/nextgen-gallery/#developers Release Notes Third Party Advisory
https://www.openwall.com/lists/oss-security/2015/10/27/4 Exploit Mailing List Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2019-11-26 15:15

Updated : 2024-02-28 17:28


NVD link : CVE-2015-9537

Mitre link : CVE-2015-9537

CVE.ORG link : CVE-2015-9537


JSON object : View

Products Affected

imagely

  • nextgen_gallery
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')