Search

Find a vulnerability

Search criteria

    2 vulnerabilities by photo_gallery_plugin_project

    CVE-2014-6315 (GCVE-0-2014-6315)

    Vulnerability from nvd – Published: 2014-10-10 14:00 – Updated: 2024-08-06 12:10
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:10:13.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70204",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70204"
              },
              {
                "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
              },
              {
                "name": "wp-photogallery-cve20146315-xss(96799)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
              },
              {
                "name": "61649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61649"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70204",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70204"
            },
            {
              "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
            },
            {
              "name": "wp-photogallery-cve20146315-xss(96799)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
            },
            {
              "name": "61649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61649"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70204",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70204"
                },
                {
                  "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
                },
                {
                  "name": "wp-photogallery-cve20146315-xss(96799)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23232",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23232"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset?new=986500",
                  "refsource": "CONFIRM",
                  "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
                },
                {
                  "name": "61649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61649"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6315",
        "datePublished": "2014-10-10T14:00:00.000Z",
        "dateReserved": "2014-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:10:13.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6315 (GCVE-0-2014-6315)

    Vulnerability from cvelistv5 – Published: 2014-10-10 14:00 – Updated: 2024-08-06 12:10
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:10:13.333Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70204",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70204"
              },
              {
                "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
              },
              {
                "name": "wp-photogallery-cve20146315-xss(96799)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23232"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
              },
              {
                "name": "61649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61649"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70204",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70204"
            },
            {
              "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
            },
            {
              "name": "wp-photogallery-cve20146315-xss(96799)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23232"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
            },
            {
              "name": "61649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61649"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70204",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70204"
                },
                {
                  "name": "20141001 Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533595/100/0/threaded"
                },
                {
                  "name": "wp-photogallery-cve20146315-xss(96799)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96799"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23232",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23232"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html"
                },
                {
                  "name": "https://plugins.trac.wordpress.org/changeset?new=986500",
                  "refsource": "CONFIRM",
                  "url": "https://plugins.trac.wordpress.org/changeset?new=986500"
                },
                {
                  "name": "61649",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61649"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6315",
        "datePublished": "2014-10-10T14:00:00.000Z",
        "dateReserved": "2014-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:10:13.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }