Summary
This host is running the WordPress PhotoSmash Galleries Plugin and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code in the context of an application.
Impact Level: Application
Solution
Upgrade to WordPress PhotoSmash Galleries Plugin version 1.0.5 or later. For updates, refer to http://wordpress.org/extend/plugins/photosmash-galleries/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'action' parameter to /wp-content/plugins/photosmash-galleries/index.php, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
WordPress PhotoSmash Galleries Plugin version 1.0.1
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N