CVE-2014-3123

Name of the Vulnerable Software and Affected Versions NextCellent Gallery plugin versions prior to 1.19.18

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users with specific permissions to inject arbitrary web script or HTML via the Alt & Title Text field in the admin/manage-images.php file.

Recommendations For versions prior to 1.19.18, update to version 1.19.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/manage-images.php file and limiting the use of the "Alt & Title Text" field until the update is applied.