CVE-2014-9094

NUCLEI

WordPress DZS Video Gallery - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/39250

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress DZS-VideoGallery Plugin Cross-Site Scripting

MEDIUMby daffainfo

References (4)

[Mailing List] http://seclists.org/fulldisclosure/2014/Jul/65

[Various Sources] http://websecurity.com.ua/7152/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108579

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68525

Scores

EPSS 0.0718

EPSS Percentile 91.4%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

digitalzoomstudio/video_gallery

Timeline

Published Nov 26, 2014

Tracked Since Feb 18, 2026