PT-2017-7557 · Photocrati · Photocrati Nextgen Gallery

Sathish

Published

2017-09-12

Updated

2020-11-10

CVE-2015-9229

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Photocrati NextGEN Gallery plugin version 2.1.15

Description The issue allows for XSS, which is possible for remote authenticated administrators. This occurs via the images[1][alttext] parameter in the nggallery-manage-gallery page.

Recommendations For Photocrati NextGEN Gallery plugin version 2.1.15, consider restricting access to the nggallery-manage-gallery page until a patch is available. As a temporary workaround, avoid using the images[1][alttext] parameter in the affected page to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9229

Affected Products

Photocrati Nextgen Gallery

PT-2017-7557 · Photocrati · Photocrati Nextgen Gallery

CVE-2015-9229

Weakness Enumeration

Related Identifiers

Affected Products

References · 4