CVE-2008-7175

NextGEN Gallery <0.96 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/493182/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/51428

Scores

EPSS 0.0014

EPSS Percentile 33.1%

Classification

CWE

CWE-79

Status published

Affected Products (35)

alex_rabe/nextgen_gallery < 0.96

alex_rabe/nextgen_gallery

... and 20 more

Timeline

Published Sep 08, 2009

Tracked Since Feb 18, 2026