CVE-2014-3123
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0024 (0.2%)
Percentile: 47.6%
EPSS: 2026-05-06
Affects
wpgetready:nextcellent_galleryTechnical description
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.
Published: 5/8/2014, 2:29:15 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://secunia.com/advisories/58031
- http://www.securityfocus.com/bid/67085
- http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13
- https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog
- http://secunia.com/advisories/58031
- http://www.securityfocus.com/bid/67085
- http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13
- https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog