Title: [Plugin: NextGEN Gallery] NextGen Gallery Vulnerability Issue
Last modified: August 19, 2016

---

# [Plugin: NextGEN Gallery] NextGen Gallery Vulnerability Issue

 *  [fakshon](https://wordpress.org/support/users/fakshon/)
 * (@fakshon)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-nextgen-gallery-vulnerability-issue/)
 * I was doing some research on the NextGen Gallery and came to the information 
   below. I was wondering if this vulnerability had been fixed; the reason I asked
   should be fairly obvious. Thanks again for the great plug-in and I hope to hear
   your response.
 * Found on this website: [http://www.juniper.net/security/auto/vulnerabilities/vuln29607.html](http://www.juniper.net/security/auto/vulnerabilities/vuln29607.html)
 * Title: NextGEN Gallery WordPress Plugin ‘nggallery-manage-gallery’ HTML Injection
   Vulnerability
 * Severity: MODERATE
 * Description:
 * The NextGEN Gallery plugin for WordPress is a web-based photo application implemented
   in PHP.
 * The application is prone to an HTML-injection vulnerability because it fails 
   to sanitize user-supplied input. This issue affects the description textbox provided
   by the ‘nggallery-manage-gallery’ action of the ‘admin.php’ script.
 * Attacker-supplied HTML and script code would run in the context of the affected
   site, potentially allowing the attacker to steal cookie-based authentication 
   credentials or to control how the site is rendered to the user; other attacks
   are also possible.
 * NextGEN Gallery 0.96 is vulnerable; other versions may also be affected.
 * Affected Products:
 *  * Alex Rabe NextGEN Gallery 0.96
 * References:
 *  * Alex Rabe: NextGEN Gallery Homepage
 * Juniper Networks provides this content via a wide variety of sources and production
   methods. If notified of errors or omissions in the content of this page, Juniper
   Networks, at its discretion, will modify or remove the page or leave the content
   as is, depending on various factors including but not limited to the reputation
   and authority of the party providing the notification. Please use the contact
   information displayed elsewhere on this page to report any errors or omissions
   regarding the content on this page.
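
The class of bug the quoted advisory describes (a stored description echoed back without encoding), as an added example that is not part of the original post and is not NextGEN Gallery code. The function names and sample descriptions are hypothetical and constructed for illustration; the example also shows why a tag allowlist built on `strip_tags()` is not a sufficient fix.

```php
<?php
// Added example: hypothetical helpers, not taken from the plugin.

// Vulnerable pattern: the stored description is echoed into the page as-is,
// so any markup in it becomes part of the document.
function render_description_unsafe(string $description): string {
    return '<p class="gallery-desc">' . $description . '</p>';
}

// Incomplete fix: strip_tags() with an allowlist removes <script> tags but
// keeps every attribute on the allowed tags, so event handlers survive.
function render_description_strip_tags(string $description): string {
    return '<p class="gallery-desc">'
        . strip_tags($description, '<b><i>')
        . '</p>';
}

// Hardened: treat the description as plain text and encode it on output.
// ENT_QUOTES also encodes single quotes, which matters if the value is ever
// placed inside an HTML attribute.
function render_description_escaped(string $description): string {
    return '<p class="gallery-desc">'
        . htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Constructed sample descriptions (not from any real site).
$samples = [
    'plain'   => 'Holiday photos 2008',
    'script'  => 'Nice <script>alert(1)</script> gallery',
    'handler' => '<b onmouseover="alert(1)">Hover me</b>',
];

foreach ($samples as $name => $input) {
    echo "== $name ==\n";
    echo 'unsafe:     ', render_description_unsafe($input), "\n";
    echo 'strip_tags: ', render_description_strip_tags($input), "\n";
    echo 'escaped:    ', render_description_escaped($input), "\n";
}
```

Inside WordPress itself, `esc_html()` provides the output encoding and `wp_kses()` provides an allowlist that filters attributes as well as tags.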

Viewing 1 replies (of 1 total)

 *  [Alex Rabe](https://wordpress.org/support/users/alexrabe/)
 * (@alexrabe)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-nextgen-gallery-vulnerability-issue/#post-1109157)
 * See [http://alexrabe.boelinger.com/2008/06/18/security-issue-or-not/](http://alexrabe.boelinger.com/2008/06/18/security-issue-or-not/)

The topic ‘[Plugin: NextGEN Gallery] NextGen Gallery Vulnerability Issue’ is closed
to new replies.

 * 1 reply
 * 2 participants
 * Last reply from: [Alex Rabe](https://wordpress.org/support/users/alexrabe/)
 * Last activity: [16 years, 11 months ago](https://wordpress.org/support/topic/plugin-nextgen-gallery-nextgen-gallery-vulnerability-issue/#post-1109157)
 * Status: not resolved

