Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the videoadssearchQuery parameter to (1) videoads/videoads.php, (2) video/video.php, or (3) playlist/playlist.php.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apptha | Contus Video Gallery | 2.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-SiExploit
- http://www.securityfocus.com/bid/68883
- http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-SiExploit
- http://www.securityfocus.com/bid/68883
FAQ
What is CVE-2014-9098?
CVE-2014-9098 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users ...
How severe is CVE-2014-9098?
CVE-2014-9098 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9098?
Check the references section above for vendor advisories and patch information. Affected products include: Apptha Contus Video Gallery.