Vulnerabilities > Imagely > Nextgen Gallery
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-12 | CVE-2015-9229 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery 2.1.15 In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | 3.5 |
2017-09-12 | CVE-2015-9228 | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | 9.0 |