NextGEN Gallery < 2.1.10 – Multiple XSS | CVE 2015-9537

Affects Plugins

nextgen-gallery

Fixed in 2.1.10

References

CVE

CVE-2015-9537

URL

https://www.openwall.com/lists/oss-security/2015/10/27/4

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Verified

No

WPVDB ID

4572196e-c615-439a-9821-6d43e3e8dc07

Timeline

Publicly Published

2015-10-27 (about 10 years ago)

Added

2019-11-26 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-05-07

Title

Gold Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-01-31

Title

WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting

Published

2024-03-25

Title

Carousel Slider < 2.2.7 - Editor+ Stored XSS

Published

2026-02-13

Title

Payment Page | Payment Form for Stripe < 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter

Published

2026-01-07

Title

ListingHub 1.2.6 - Unauthenticated Stored Cross-Site Scripting