Filed Under (Advisories, WordPress) by Philipp on 18 June 2008

Versions <= 0.96 of the Nextgen Gallery plugin have been found vulnerable to a persistent cross-site scripting (XSS) bug.

According to the advisory, the attacker must be authenticated and have access to the following URL:

http://[host]/[directory]/wp-admin/admin.php?page=nggallery-manage-gallery

As far as we know, no fix is currently available.

Comments

Robert on 18 June, 2008 at 11:37 am #

So, this “advisory” is basically telling us that a blog owner can introduce any HTML, including scripts, into his/her own blog? OMG! BBQ! WTF?


Michael on 18 June, 2008 at 11:52 am #

Cheers for the heads up. Have removed said plugin as a result. Hope they have a fix soon as I was enjoying playing with this.


[...] that I could use easily within wordpress is a great help. I just found out that there is an XSS flaw in the Next Gen Gallery script. Does anyone know how to fix this so I can get it back up and [...]


[...] in: Blogsecurity.net Tags: update, security, vulnerability, [...]


Philipp on 22 June, 2008 at 4:59 pm #

As it’s possible to edit Galleries, albeit with much lower User Roles than the Administrator one, depending on the Settings, it’s quite a risk. For sure it’s not too high, as everyone should be encouraged to give Permissions to trusted Users only, but it’s anyway possible, through blindfold grants, that bad guys can gain Administrator rights with it.
Anyway we should mostly change the advisory a bit, mostly to a recommendation only.

