e:["$","div",null,{"suppressHydrationWarning":true,"className":"max-w-screen overflow-hidden bg-asmPageTopBG bg-repeat-space bg-cover","children":["$","$L18",null,{"blok":{"_uid":"cb152be4-417a-4aef-9712-8494a3155411","body":[{"_uid":"4edbefe1-ae1d-43b7-8adc-d16a6e03346e","component":"global_header","reference":[{"name":"Navigation","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-12-10T18:12:48.651Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873003,"uuid":"a01aed2a-fcd9-445e-ba4f-1e207f311d2b","content":{"_uid":"888f9d58-d099-4867-a1db-115cd704c6d4","global":[{"Nav":[{"_uid":"ba481eb4-d534-400f-b77a-aa26ad4718d2","name":"Products","title":"All Products","Navitems":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"9960bd3d-1982-4572-a3bb-75cb0886b040","icon":{"id":21241298,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a88052a5e6/asm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Attack Surface Management","subtitle":"Get a hacker’s view of your known & unknown assets and exposures.","component":"Headernavitem","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"8700128b-0f30-4730-8a02-e8fb31f3527b","icon":{"id":21241294,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/7c5a26d895/vi.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Intelligence","subtitle":"Cybersecurity strategy with timely, contextual, & predictive insights.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"cbaff37c-0c5e-457a-a014-64e2a1a1579d","name":"Solutions","title":"All Solutions","Navitems":[{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"554e3dd3-c9f2-41ac-96f3-a4cfc227ecd5","icon":{"id":21241299,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e7370ee665/vm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Management","subtitle":"Manage evolving risks with continuous threat analysis.","component":"Headernavitem","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"33edd474-13a7-4ce7-b86b-caa079bdf644","icon":{"id":21323606,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/12dc098b21/pentest-1.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Penetration Testing","subtitle":"Test your defenses before an attacker exploits them.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"bc900e69-950c-40fb-91af-9d4742d9f48e","name":"Use Cases","title":"All Use Cases","Navitems":[{"url":{"id":"0aaf2b18-9d31-4dce-937b-3dbb24b44e5a","url":"","linktype":"story","fieldtype":"multilink","cached_url":"continous-attack-surface-reduction"},"_uid":"e3765180-6f96-40eb-9f64-215b33de28db","icon":{"id":21241305,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/834a67323c/casr.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Continuous Attack Surface Reduction","subtitle":"Continuous visibility into your attack surface for proactive mitigation.","component":"Headernavitem","_editable":""},{"url":{"id":"17c33595-9ad4-45cf-aa34-1d759f00f4d8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"assets-with-known-ransomware-exploitable-vulnerabilities"},"_uid":"f8a18872-047e-4ae1-91ce-e54afb29b485","icon":{"id":21448618,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/4a5cbbbb3f/assets.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Assets with Known Ransomware & Exploitable Vulnerabilities","subtitle":"Discover if you are exposed to known ransomware vulnerabilities or not.","component":"Headernavitem","_editable":""},{"url":{"id":"59a08f71-0be4-46cf-9b61-af87e90775de","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-application-vulnerability-management"},"_uid":"68ad5556-028e-42c4-8c40-5278f33da543","icon":{"id":21241295,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/0fcbc28b9d/navm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Application Vulnerability Management","subtitle":"We scan, detect, analyze, & prioritize vulnerabilities in your network & apps.","component":"Headernavitem","_editable":""},{"url":{"id":"e357eb6c-b37f-42c2-8160-c55410d1c6fd","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-prioritization"},"_uid":"7e2e4250-652c-47cd-8118-25c56396cfee","icon":{"id":21448658,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/5582316119/vulnerability-priortization.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Prioritization","subtitle":"Prioritize vulnerabilities for quicker remediation.","component":"Headernavitem","_editable":""},{"url":{"id":"1f0dc561-50ef-4fbe-b051-11e113988951","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-infrastructure-penetration-testing"},"_uid":"79250bf9-09ba-4dea-86bd-f576850a3057","icon":{"id":21241302,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a9a76f74bf/nipt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Infrastructure Penetration Testing","subtitle":"Penetration experts simulate real-world attacks on your environment.","component":"Headernavitem","_editable":""},{"url":{"id":"44727d2d-19cd-4f69-a329-ccef5b64a5a7","url":"","linktype":"story","fieldtype":"multilink","cached_url":"meet-your-compliance-requirements"},"_uid":"d1abf960-90ab-4e4a-8147-89d998b16f3b","icon":{"id":21448637,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/9e6ffcf73a/meet.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Meet your Compliance Requirements","subtitle":"Manage compliance requirements and test your security controls.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"ce844fb3-7d75-43ca-b03d-fc2d36f03121","link":{"id":"c801d107-dc40-4bc1-99ba-243fe92ceee1","url":"","linktype":"story","fieldtype":"multilink","cached_url":"partners"},"name":"Partners","title":"Partners","Navitems":[],"component":"Navigation","_editable":""},{"_uid":"65cfc6ff-bb0b-4ff4-bd69-f3ab676e570f","name":"Resources","title":"All Resources","Navitems":[{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"cce882f8-f607-4ed6-9f5d-7d967509161b","icon":{"id":21241293,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e019aafb50/reports.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Reports","subtitle":"Your trusted source for comprehensive insights.","component":"Headernavitem","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"726f54bb-f50b-4d15-a032-564bc3ece243","icon":{"id":21241296,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/31f000d7f1/mc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Press Releases","subtitle":"Latest announcements from Securin.","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"a734e86d-446c-4740-9fd5-67cd33a6ddff","icon":{"id":21241300,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/4f16501ed6/articles.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Articles","subtitle":"Read about the latest news & updates in cybersecurity.","component":"Headernavitem","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"c5455cdc-c4aa-4a7c-a24e-5cb816ba10e3","icon":{"id":22191227,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/689424e016/media-coverage-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Media Coverage","subtitle":"See Securin in the news.","component":"Headernavitem","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"cd0d1ab4-7b63-433d-b14a-d20dd2029925","icon":{"id":22191228,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/16276d1e46/zero-days-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Zero Days","subtitle":"Zero days discovered by Securin as a CNA.","component":"Headernavitem","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"cf2db2da-1796-4a63-9172-45e2fa707f4e","icon":{"id":23128701,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/100x100/98f24a7a21/ai-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"AI R&D","subtitle":"Transforming AI security","component":"Headernavitem","_editable":""},{"url":{"id":"294fda8c-1175-4451-a050-4bd6a905b4d5","url":"","linktype":"story","fieldtype":"multilink","cached_url":"glossary"},"_uid":"9ff4140b-e81b-4e52-98c2-acd88945ac3f","icon":{"id":119355095319110,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/2b0bf16205/whatsapp-image-2025-12-03-at-5-47-53-pm.jpeg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Glossary","subtitle":"Your essential cybersecurity glossary.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"4c1f8557-0141-4730-8f9f-53d1afccd253","name":"About Us","title":"About Us","Navitems":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"ab8f54f9-4c47-47bd-8b3e-968740897e02","icon":{"id":21448402,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/9c403d1155/who-we-are.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Who We Are","subtitle":"Get to know us better!","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://careers.securin.io/jobs/Careers","target":"_blank","linktype":"url","fieldtype":"multilink","cached_url":"https://careers.securin.io/jobs/Careers"},"_uid":"eaec0e73-d5ad-4a34-b535-54c2f6f45d70","icon":{"id":21448419,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/37c7256d56/career.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Careers","subtitle":"Come work with us.","component":"Headernavitem","_editable":""},{"url":{"id":"2de96d0f-a87b-4413-844a-afdc684462ee","url":"","linktype":"story","fieldtype":"multilink","cached_url":"patents"},"_uid":"99148571-68ba-4af3-a2b5-28df368679c5","icon":{"id":22748194,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/312x385/be4d582b51/securin-patent-1.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Patents","subtitle":"Our innovative cybersecurity patents .","component":"Headernavitem","_editable":""},{"url":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"_uid":"60f08250-27e1-4de0-b251-a4e241d593fa","icon":{"id":21448457,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/1cdadd4651/let-s-chat.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Let's Chat","subtitle":"Connect with our experts.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""}],"_uid":"2cf86c8f-c4a6-4a06-b37e-514864bee646","component":"GlobalNav","_editable":""}],"component":"Global","_editable":""},"slug":"navigation","full_slug":"global/navigation","sort_by_date":null,"position":-10,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"7eece501-7a27-4c71-8033-d7a2ec2f9b6e","first_published_at":"2025-03-05T13:02:52.985Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""},{"_uid":"806a061f-8c6a-4e76-a304-af973b8af6b0","lead":"CVE-2015-9229","image":{"id":22105304,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/382x407/4c49b237d1/zerodaysmedium.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"heading":"Securin Zero-Days","component":"Zero Days Hero","subheading":"Reflected Cross-Site Scripting in NextGEN Gallery","published_date":"2015-02-17 18:51","publisher_icon":{"id":22338059,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/1200x1200/fc41066064/nextgen-healthcare.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"_editable":""},{"_uid":"0d770317-59d6-43e5-8788-ba78d171568e","component":"Zero Days Table","TableColumn":[{"_uid":"a25557b9-165d-4112-bf09-32ed0f8d1e42","lead":"Imagely","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Vendor","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"50ee0394-b48c-47d5-9b41-228354a9849b","lead":"NextGEN Gallery","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Affected Product","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"40105dfa-9801-4fc4-ae18-82c9bf7fa40f","lead":"CVE-2015-9229","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"CVE","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"ee77fdf5-489a-448e-8a8e-db9609e84050","lead":"2015-CSW-09-1004\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Securin ID","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"f6141e15-7269-43d7-9243-7a27ed9b1ecd","lead":"Fixed","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Status","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"af1bb479-00e0-48ac-a88a-94f10ab9bb9d","lead":"February 17, 2015\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Date","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"36698a31-a1f6-4d14-98e2-35dc4102085d","content":{"type":"doc","content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Description","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Multiple Cross-Site Scripting (XSS) vulnerability was identified on the WordPress plugin Gravity Forms before 2.1.15 in the nggallery-manage-gallery page.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Proof of Concept (POC):","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Visit the following page on a site with this plugin installed.","type":"text"}]},{"type":"paragraph","content":[{"text":"http://yourwordpresssite.com/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&paged=1","type":"text","marks":[{"type":"link","attrs":{"href":"https://web.archive.org/web/20250221152514/http://yourwordpresssite.com/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&paged=1","uuid":null,"anchor":null,"target":null,"linktype":"url"}}]},{"text":" and modify the value of images[1][alttext] and path variable in NextGEN Gallery Photocrati Version 2.1.10 with ’)”> payload and save it to view further. Now, the added XSS payload is executed whenever the user reviews it.","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"bold"}]},{"text":" XSS payload was tried with the application once after implementing Unfiltered Html Settings as defined to the wp-config.php file.","type":"text"}]},{"type":"paragraph","content":[{"text":"Define (‘DISALLOW_UNFILTERED_HTML’, true);","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"text":"POST request parameter images[1][alttext] variable in the given URL ","type":"text"},{"text":"http://localhost/wordpress/wpadmin/admin.php?page=nggallerymanagegallery&mode=edit&gid=1&paged=1","type":"text","marks":[{"type":"link","attrs":{"href":"https://web.archive.org/web/20250221152514/http://localhost/wordpress/wpadmin/admin.php?page=nggallerymanagegallery&mode=edit&gid=1&paged=1","uuid":null,"anchor":null,"target":null,"linktype":"url"}}]},{"text":" of NextGEN Gallery Plugin version 2.1.10 is vulnerable to Cross-Site Scripting (XSS).","type":"text"}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22343111,"alt":"","src":"https://a.storyblok.com/f/313778/1005x465/3a221939c0/figure-1-alttext-variable-in-the-given-url-http-_localhost_wordpress_wp-admin_admin-php_page-nggallery-manage-gallery-mode-edit-gid-1-paged-1.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 01: [alttext]variable in the given URL ","type":"text","marks":[{"type":"bold"},{"type":"italic"}]},{"text":"http://localhost/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&paged=1","type":"text","marks":[{"type":"link","attrs":{"href":"https://web.archive.org/web/20250221152514/http://localhost/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=1&paged=1","uuid":null,"anchor":null,"target":null,"linktype":"url"}},{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22343114,"alt":"","src":"https://a.storyblok.com/f/313778/1119x463/f99f3c1916/figure-2-xss-payload-gets-executed-in-the-browser-whenever-the-user-views-it.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 02: XSS Payload gets executed in the browser whenever the user views it.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22343113,"alt":"","src":"https://a.storyblok.com/f/313778/1357x477/bc7c55517d/figure-3-xss-payload-injected-to-pathvariable.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"03: XSS Payload injected to pathvariable in the given URL ","type":"text","marks":[{"type":"bold"},{"type":"italic"}]},{"text":"http://localhost/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=3&paged=1","type":"text","marks":[{"type":"link","attrs":{"href":"https://web.archive.org/web/20250221152514/http://localhost/wordpress/wp-admin/admin.php?page=nggallery-manage-gallery&mode=edit&gid=3&paged=1","uuid":null,"anchor":null,"target":null,"linktype":"url"}},{"type":"bold"},{"type":"italic"}]}]},{"type":"paragraph","content":[{"type":"image","attrs":{"id":22343112,"alt":"","src":"https://a.storyblok.com/f/313778/1324x527/bec4221fe4/figure-4-xss-payload-gets-executed-in-the-browser-whenever-the-user-views-it.png","title":"","source":"","copyright":"","meta_data":{}}}]},{"type":"paragraph","content":[{"text":"Figure 04: XSS Payload gets executed in the browser whenever the user views it.","type":"text","marks":[{"type":"bold"},{"type":"italic"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Impact","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"An XSS vulnerability allows an attacker to inject malicious code into the applications via the images [1] [alttext] parameter.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Remediations","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph","content":[{"text":"Download the latest updated version of the Nextgen plugin and apply the patch as per vendor advisory.","type":"text","marks":[{"type":"textStyle","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Timeline","type":"text","marks":[{"type":"bold"}]}]},{"type":"paragraph"}]},"component":"Zero Days Content","_editable":""},{"_uid":"d23431e6-b0c4-4b31-b8ef-7fc30f713473","component":"Timeline Content","TimelineItems":[{"_uid":"88f4261a-bbfc-4d1c-b625-0184fe61c4cf","lead":"Discovered in NextGen Gallery 2.1.7 version.\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Feb 17, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"6c6ff5df-8b17-4452-b74b-6227bf9c1bf3","lead":"Reported to WordPress.\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Feb 17, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"d4aa64d1-e207-4baf-8bcd-cac1efb3f74d","lead":"The vendor acknowledged the issue.\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Feb 18, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"b533156f-15cf-4852-aa4c-70bf76a62215","lead":"Same vulnerability once again discovered in NextGen Gallery 2.1.10 version.\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Sep 04, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"474817f4-a273-4fcf-9012-9f09aeef185c","lead":"Same vulnerability exists in NextGen Gallery 2.1.15 version.\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Sep 09, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"c8301c1e-7012-4c57-afa8-0c440b0f05e0","lead":"Reported multiple XSS on version 2.1.15 directly to the Photocrati vendor and reminded the developer.\n\n","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Sep 14, 2015","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"7f1fa798-d559-4e8d-acba-4b5158cf64f2","icon":{"id":22108202,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/54x69/75ce3828b1/zerodaysfc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"Let Securin level up your security posture!","component":"Zero Days Footer CTA","buttonLink":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"buttonText":"Start Now","_editable":""},{"_uid":"c80c46e2-704d-4662-b20a-4f2afeaf2950","component":"global_reference","reference":[{"name":"Footer","created_at":"2025-12-29T16:21:06.224Z","published_at":"2025-09-25T08:28:11.663Z","updated_at":"2025-12-29T16:21:06.224Z","id":128350888873002,"uuid":"dab2b928-0fc3-4089-80b3-767d414eae87","content":{"_uid":"78c16d78-9604-4304-8964-fb9c971cec17","global":[{"_uid":"c38a57d1-6019-4662-ac0d-4ff9dc3d2700","items":[{"_uid":"1321a724-b4f0-4637-b2d7-4d958f76bcb7","text":"Securin helps leaders continuously improve their security posture. We work as an extension of your team to better protect your organization.","image":{"id":21111115,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/196x43/202124087b/securinlogo.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"FooterColumn1","sociallinks":[{"url":{"id":"","url":"https://www.facebook.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.facebook.com/securininc/"},"_uid":"483fbfd4-d5de-4cfc-930a-99ad920c9b51","image":{"id":21111123,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/31d436da9a/facebook.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.linkedin.com/company/securin-inc","linktype":"url","fieldtype":"multilink","cached_url":"https://www.linkedin.com/company/securin-inc"},"_uid":"fd906267-1e23-41b9-8453-c00359787bc4","image":{"id":21111126,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/d1c9e6c6b2/linkedin.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://x.com/securin_inc","linktype":"url","fieldtype":"multilink","cached_url":"https://x.com/securin_inc"},"_uid":"023d62af-458f-4af0-b057-c421664bc550","image":{"id":21111125,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/7fa2bcc6d1/x.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng","linktype":"url","fieldtype":"multilink","cached_url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng"},"_uid":"27bc3da1-b1bf-452b-899b-f726e0573785","image":{"id":21111124,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/5bab65fc1e/yt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.instagram.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.instagram.com/securininc/"},"_uid":"bca52616-0b28-48b1-9ff5-78da89049b91","image":{"id":21111122,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/e2b9a06f92/instagram.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""}],"_editable":""},{"_uid":"0550b47c-24a0-4335-a246-a44b5447a111","email":"info@securin.io","phone":"+1 844-391-2089","title":"Contact Us","address":"2440 Louisiana Blvd NE #560, Albuquerque, NM 87110","component":"FooterColumn2","_editable":""},{"_uid":"4261e9fd-90be-43ba-989c-b18bf214df1a","Title":"Solutions","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"4b5af435-681f-4ddf-a514-d42f5b500594","text":"Attack Surface Management","component":"FooterLink","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"05012d2c-7e65-4796-abfe-cec840dcec79","text":"Vulnerability Intelligence","component":"FooterLink","_editable":""},{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"0c3f0709-675a-401a-b6aa-cdddae9f88de","text":"Vulnerability Management","component":"FooterLink","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"a11c509a-3975-4115-9b5b-17fad5298c18","text":"Penetration Testing","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"9bdee094-39b9-4230-8c02-a2bfb41f6f2e","Title":"Resources","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"3d29a8a0-0be1-4d0e-891e-6c1e17171484","text":"Articles","component":"FooterLink","_editable":""},{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"0e1baf58-1d99-4a31-b715-20c0014c0c7f","text":"Reports","component":"FooterLink","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"c7cc1a4b-a94e-4152-89f8-9de0b70693b8","text":"Press Releases","component":"FooterLink","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"05496d03-da7f-4506-96b9-5cecdb65a5ad","text":"Media Coverage","component":"FooterLink","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"ecbd6fa6-92c0-4bc0-842a-93703b0447a4","text":"Zero Days","component":"FooterLink","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"bfa230aa-d0e3-461b-b426-e6630fdc0c69","text":"AI R&D","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"fee5eb9a-d971-4764-b21c-bc91df2b059c","Title":"Company","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"4d9f8089-31c1-4a0b-884c-f3f95e198df7","text":"Who We Are","component":"FooterLink","_editable":""},{"url":{"id":"b50e02db-acf6-421f-9818-eeb29d991537","url":"","linktype":"story","fieldtype":"multilink","cached_url":"careers"},"_uid":"77b87ac9-8c7a-448a-96ee-4a92183f9792","text":"Careers","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"e387cd83-c5ac-49d4-92ce-e9e9bcce9e7e","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"b6e10f1b-9d8b-419c-9ce2-e5a621144105","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"3346f5e4-a947-44e0-9ed7-c4ff38a42e30","text":"Customer Agreements","component":"FooterLink","_editable":""},{"url":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"_uid":"718dc509-b52a-4050-a565-2ed72524f0ff","text":"Sitemap","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"component":"GlobalFooter","FooterBottom":[{"_uid":"c31edcc5-d2cb-4d2c-b4d6-c91225c9cee8","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"aa9fd59a-54a5-4be0-881e-566b063eea06","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"b1904ce9-2542-4525-8c04-9c3576c62afa","text":"Customer Agreements","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"_editable":""}],"component":"Global","_editable":""},"slug":"footer","full_slug":"global/footer","sort_by_date":null,"position":0,"tag_list":[],"is_startpage":false,"parent_id":128350878718819,"meta_data":null,"group_id":"f7518288-834a-4090-94b8-8ef3b2143a8c","first_published_at":"2025-02-26T08:19:02.299Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""}],"component":"page","datasheet":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"metafields":{"_uid":"b0337aeb-a0cb-4d33-a404-50b260abfbed","title":"CVE-2015-9229: XSS in NextGEN Gallery Plugin","plugin":"seo_metatags","og_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","og_title":"CVE-2015-9229: XSS in NextGEN Gallery Plugin","description":"Securin reports CVE-2015-9229—a cross-site scripting flaw in NextGEN Gallery plugin v2.1.15 for WordPress via the images[1][alttext] parameter. Learn about risks and mitigation steps.","twitter_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","twitter_title":"CVE-2015-9229: XSS in NextGEN Gallery Plugin","og_description":"Securin reports CVE-2015-9229—a cross-site scripting flaw in NextGEN Gallery plugin v2.1.15 for WordPress via the images[1][alttext] parameter. Learn about risks and mitigation steps.","twitter_description":"Securin reports CVE-2015-9229—a cross-site scripting flaw in NextGEN Gallery plugin v2.1.15 for WordPress via the images[1][alttext] parameter. Learn about risks and mitigation steps."},"_editable":""}}]}]