CVE-2014-9094
NUCLEIWordPress DZS Video Gallery - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by MustLive · textwebappsphp
https://www.exploit-db.com/exploits/39250
Nuclei Templates (1)
WordPress DZS-VideoGallery Plugin Cross-Site Scripting
MEDIUMby daffainfo
Scores
EPSS
0.0718
EPSS Percentile
91.6%
Details
CWE
CWE-79
Status
published
Products (1)
digitalzoomstudio/video_gallery
Published
Nov 26, 2014
Tracked Since
Feb 18, 2026