CVE-2010-1186
Published 2010-04-07
Priority P4 · 21 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.73% · 90.7th percentile
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
Affected
56 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alex_rabe | nextgen_gallery | <= 1.5.1 | — |
Suricata
ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt
suricata·2010-07-30
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/wp-content/plugins/nextgen-gallery/xml/media-rss.php"; nocase; content:"mode="; nocase; pcre:"/(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:url,www.coresecurity.com/content/nextgen-gallery-xss-vulnerability; reference:cve,2010-1186; classtype:web-application-attack; sid:2011006; rev:5; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wo
No writeups or analysis indexed.
http://secunia.com/advisories/39341
http://wordpress.org/extend/plugins/nextgen-gallery/changelog/
http://www.coresecurity.com/content/nextgen-gallery-xss-vulnerability
http://www.exploit-db.com/exploits/12098
http://www.securityfocus.com/bid/39250
http://www.vupen.com/english/advisories/2010/0821
https://exchange.xforce.ibmcloud.com/vulnerabilities/57562