CVE-2014-3923

Name of the Vulnerable Software and Affected Versions Digital Zoom Studio (DZS) Video Gallery plugin for WordPress (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to various SWF files in the deploy/ directory, including (1) preview.swf, (2) preview skin rouge.swf, (3) preview allchars.swf, or (4) preview skin overlay.swf.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.