Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2014/May/157 | Exploit |
http://websecurity.com.ua/7183 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:20:22
Updated: 2022-10-03T16:20:22
Reserved: 2022-10-03T00:00:00
Link: CVE-2014-3923
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-30T14:55:09.833
Modified: 2014-06-25T17:59:21.437
Link: CVE-2014-3923
JSON object: View
Redhat Information
No data.
CWE