CVE-2011-4624
NUCLEIGRAND FlAGallery < 1.56 - Cross-Site Scripting via Facebook i Parameter
Title source: llmExploitation Summary
CVE-2011-4624 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
Nuclei Templates (1)
GRAND FlAGallery 1.57 - Cross-Site Scripting
MEDIUMby daffainfo
References (7)
Core 7
Core References
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520691/100/0/threaded
Patch x_refsource_confirm
http://wordpress.org/extend/plugins/flash-album-gallery/changelog/
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/12/23/2
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50861
Product x_refsource_confirm
http://plugins.trac.wordpress.org/changeset/469785
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520704/100/0/threaded
Scores
EPSS
0.0450
EPSS Percentile
89.4%
Details
CWE
CWE-79
Status
published
Products (1)
codeasily/grand_flagallery
< 1.56
Published
Oct 01, 2014
Tracked Since
Feb 18, 2026