Description
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.
Affected products
- alex_rabe / nextgen_gallery0.96
- alex_rabe / nextgen_gallery0.33 – 0.33
- alex_rabe / nextgen_gallery0.34 – 0.34
- alex_rabe / nextgen_gallery0.35 – 0.35
- alex_rabe / nextgen_gallery0.36 – 0.36
- alex_rabe / nextgen_gallery0.37 – 0.37
- alex_rabe / nextgen_gallery0.39 – 0.39
- alex_rabe / nextgen_gallery0.40 – 0.40
- alex_rabe / nextgen_gallery0.41 – 0.41
- alex_rabe / nextgen_gallery0.42 – 0.42
- alex_rabe / nextgen_gallery0.43 – 0.43
- alex_rabe / nextgen_gallery0.50 – 0.50
- alex_rabe / nextgen_gallery0.51 – 0.51
- alex_rabe / nextgen_gallery0.52 – 0.52
- alex_rabe / nextgen_gallery0.60 – 0.60
- alex_rabe / nextgen_gallery0.61 – 0.61
- alex_rabe / nextgen_gallery0.62 – 0.62
- alex_rabe / nextgen_gallery0.63 – 0.63
- alex_rabe / nextgen_gallery0.64 – 0.64
- alex_rabe / nextgen_gallery0.70 – 0.70
- alex_rabe / nextgen_gallery0.71 – 0.71
- alex_rabe / nextgen_gallery0.72 – 0.72
- alex_rabe / nextgen_gallery0.73 – 0.73
- alex_rabe / nextgen_gallery0.74 – 0.74
- alex_rabe / nextgen_gallery0.80 – 0.80
- alex_rabe / nextgen_gallery0.81 – 0.81
- alex_rabe / nextgen_gallery0.82 – 0.82
- alex_rabe / nextgen_gallery0.83 – 0.83
- alex_rabe / nextgen_gallery0.90 – 0.90
- alex_rabe / nextgen_gallery0.91 – 0.91
- alex_rabe / nextgen_gallery0.92 – 0.92
- alex_rabe / nextgen_gallery0.93 – 0.93
- alex_rabe / nextgen_gallery0.94 – 0.94
- alex_rabe / nextgen_gallery0.95 – 0.95