Search
Find a vulnerability
Search criteria
2 vulnerabilities found for photo_gallery_plugin by photo_gallery_plugin_project
CVE-2014-6315 (GCVE-0-2014-6315)
Vulnerability from nvd – Published: 2014-10-10 14:00 – Updated: 2024-08-06 12:10
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/70204 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/533595/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.htbridge.com/advisory/HTB23232 | x_refsource_MISC |
| http://packetstormsecurity.com/files/128518/WordP… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset?new=986500 | x_refsource_CONFIRM |
| http://secunia.com/advisories/61649 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"name": "https://www.htbridge.com/advisory/HTB23232",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"name": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?new=986500",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6315",
"datePublished": "2014-10-10T14:00:00.000Z",
"dateReserved": "2014-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:10:13.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6315 (GCVE-0-2014-6315)
Vulnerability from cvelistv5 – Published: 2014-10-10 14:00 – Updated: 2024-08-06 12:10
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/70204 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/533595/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.htbridge.com/advisory/HTB23232 | x_refsource_MISC |
| http://packetstormsecurity.com/files/128518/WordP… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset?new=986500 | x_refsource_CONFIRM |
| http://secunia.com/advisories/61649 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70204"
},
{
"name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
},
{
"name": "wp-photogallery-cve20146315-xss(96799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
},
{
"name": "https://www.htbridge.com/advisory/HTB23232",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23232"
},
{
"name": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?new=986500",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?new=986500"
},
{
"name": "61649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6315",
"datePublished": "2014-10-10T14:00:00.000Z",
"dateReserved": "2014-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:10:13.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}