OSVDB ID: 71029

Title: 1 Flash Gallery Plugin for WordPress wp-content/plugins/1-flash-gallery/folder.php Multiple Parameter XSS

Info

Disclosure

Mar 08, 2011

Discovery

Unknown

Dates

Exploit

Mar 08, 2011

Solution

Unknown

Description

1 Flash Gallery Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'type' and 'gall_id' parameters upon submission to the wp-content/plugins/1-flash-gallery/folder.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

1 Plugin.com	1 Flash Gallery Plugin for WordPress	0.2.5
		1.0.0

References

Secunia Advisory ID: 43640
Related OSVDB ID: 71030
Other Advisory URL: http://www.htbridge.ch/advisory/xss_in_1_flash_gallery_wordpress_plugin.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/71029

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

1 Plugin.com

1 Flash Gallery Plugin for WordPress

References

Credit