DZS Video Gallery – preview_skin_rouge.swf logoLink Parameter Reflected XSS | CVE 2014-3923

Affects Plugins

dzs-videogallery

Fixed in 7.95

References

CVE

CVE-2014-3923

URL

https://packetstormsecurity.com/files/#126846/

URL

https://seclists.org/fulldisclosure/2014/May/157

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

6ba5232e-a728-4826-bc78-a4b0536be5e9

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-07-06 (about 5 years ago)

Other

Published

Title

Published

2022-01-10

Title

All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2025-04-24

Title

GTDB Guitar Tuners <= 4.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-10-24

Title

Simple File List < 6.1.13 - Reflected Cross-Site Scripting

Published

2024-07-26

Title

aThemes Starter Sites < 1.0.54 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2023-03-20

Title

TreePress – Easy Family Trees & Ancestor Profiles < 3.0.0 - Admin+ Stored Cross-Site Scripting