CVE-2015-9537

Name of the Vulnerable Software and Affected Versions NextGEN Gallery plugin versions prior to 2.1.10

Description The issue involves multiple XSS problems related to parameters such as thumbnail width, thumbnail height, thumbwidth, thumbheight, wmXpos, and wmYpos, as well as template issues.

Recommendations For versions prior to 2.1.10, update to version 2.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected parameters and template until the update is applied. Avoid using the parameters thumbnail width, thumbnail height, thumbwidth, thumbheight, wmXpos, and wmYpos in the affected template until the issue is resolved.