Nextgen gallery – XSS flaw

Posted by Philipp

June 18, 2008

The Nextgen Gallery Plugin version <= 0.96 have been found vulnerable to a persistent Cross Site Scripting bug..

According to the advisory, the attacker does require authentication and access to the following URL:

http://[host]/[directory]/wp-admin/admin.php?page=nggallery-manage-gallery

As far as we know, no fix is currently available.

Advisories, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

Comment by Robert on June 18, 2008 @ 11:37 am

So, this “advisory” is basically telling us that a blog owner can introduce any HTML, including scripts, into his/her own blog? OMG! BBQ! WTF?

Comment by Michael on June 18, 2008 @ 11:52 am

Cheers for the heads up. Have removed said plugin as a result. Hope they have a fix soon as I was enjoying playing with this.

Pingback by Next Gen Galley XSS Security Flaw » Mercury Thread Internet Marketing Blog on June 18, 2008 @ 11:59 am

[...] that I could use easily within wordpress is a great help. I just found out that there is an XSS flaw in the Next Gen Gallery script. Does anyone know how to fix this so I can get it back up and [...]

Pingback by Vulnerabilidad XSS en Nextgen Gallery en Agamum.net on June 18, 2008 @ 3:13 pm

[...] en: Blogsecurity.net Etiquetas: actualización, seguridad, vulnerabilidad, [...]

Comment by Philipp on June 22, 2008 @ 4:59 pm

As it’s possible to edit Galleries, although with quite lower User Roles than the Administrator one, depending on the Settings, it’s quite some risk. For sure it’s not too high, as everyone should be encourage to give Permissions to trusted Users only, but it’s anyway possible through blindfold grants, that bad guys can gain Administrator rights with it.
Anyway we should mostly change the advisory a bit, mostly to a recommendation only

Comment by digitalpbk on July 17, 2009 @ 5:07 pm