CVE-2014-9094

NUCLEI

Digital Zoom Studio Video Gallery - Cross-Site Scripting via swfloc or designrand Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9094. PoCs published by MustLive. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit demonstrates XSS and command injection vulnerabilities in the WordPress DZS-VideoGallery plugin. The XSS vectors leverage unsanitized input parameters, while the command injection allows arbitrary OS command execution via the 'webshot' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by MustLive · text · webapps · php
https://www.exploit-db.com/exploits/39250

Classification
Working PoC: 90%
Attack Type: XSS | RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress DZS-VideoGallery plugin <= 7.85
Authentication: No auth needed
Prerequisites: Access to the vulnerable plugin endpoint
Analysis: devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress DZS-VideoGallery Plugin Cross-Site Scripting
MEDIUM · by daffainfo

References (4)

Core References
Various Sources x_refsource_misc
http://websecurity.com.ua/7152/
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/65
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68525
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108579

Scores

EPSS 0.0718
EPSS Percentile 91.8%

Details

CWE: CWE-79
Status: published
Products (1): digitalzoomstudio/video_gallery
Published: Nov 26, 2014
Tracked Since: Feb 18, 2026