http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw Always something worth reading... Fri, 12 Mar 2010 11:09:45 +0000 http://wordpress.org/?v= hourly 1 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-16642 digitalpbk Fri, 17 Jul 2009 16:07:46 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-16642 There is even more flaw in this plugin check out <a href="http://digitalpbk.blogspot.com/2009/07/wordpress-nextgen-gallery-xss.html" rel="nofollow">xss on wordpress nextgen library</a> There is even more flaw in this plugin check out xss on wordpress nextgen library

]]> http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-11638 Philipp Sun, 22 Jun 2008 15:59:01 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-11638 As it's possible to edit Galleries, although with quite lower User Roles than the Administrator one, depending on the Settings, it's quite some risk. For sure it's not too high, as everyone should be encourage to give Permissions to trusted Users only, but it's anyway possible through blindfold grants, that bad guys can gain Administrator rights with it. Anyway we should mostly change the advisory a bit, mostly to a recommendation only As it’s possible to edit Galleries, although with quite lower User Roles than the Administrator one, depending on the Settings, it’s quite some risk. For sure it’s not too high, as everyone should be encourage to give Permissions to trusted Users only, but it’s anyway possible through blindfold grants, that bad guys can gain Administrator rights with it.
Anyway we should mostly change the advisory a bit, mostly to a recommendation only

]]> http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-11619   Vulnerabilidad XSS en Nextgen Gallery en Agamum.net Wed, 18 Jun 2008 14:13:41 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-11619 [...] en: Blogsecurity.net Etiquetas: actualización, seguridad, vulnerabilidad, [...] [...] en: Blogsecurity.net Etiquetas: actualización, seguridad, vulnerabilidad, [...]

]]> http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-11616 Next Gen Galley XSS Security Flaw » Mercury Thread Internet Marketing Blog Wed, 18 Jun 2008 10:59:18 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-11616 [...] that I could use easily within wordpress is a great help. I just found out that there is an XSS flaw in the Next Gen Gallery script. Does anyone know how to fix this so I can get it back up and [...] [...] that I could use easily within wordpress is a great help. I just found out that there is an XSS flaw in the Next Gen Gallery script. Does anyone know how to fix this so I can get it back up and [...]

]]> http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-11615 Michael Wed, 18 Jun 2008 10:52:32 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-11615 Cheers for the heads up. Have removed said plugin as a result. Hope they have a fix soon as I was enjoying playing with this. Cheers for the heads up. Have removed said plugin as a result. Hope they have a fix soon as I was enjoying playing with this.

]]> http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/comment-page-1#comment-11614 Robert Wed, 18 Jun 2008 10:37:31 +0000 http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/#comment-11614 So, this "advisory" is basically telling us that a blog owner can introduce any HTML, including scripts, into his/her own blog? OMG! BBQ! WTF? So, this “advisory” is basically telling us that a blog owner can introduce any HTML, including scripts, into his/her own blog? OMG! BBQ! WTF?

]]>