CVE-2014-2333

Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/57746	Vendor Advisory
http://wordpress.org/plugins/lazyest-gallery/changelog	Vendor Advisory
http://www.securityfocus.com/bid/66756
https://exchange.xforce.ibmcloud.com/vulnerabilities/92598
http://secunia.com/advisories/57746	Vendor Advisory
http://wordpress.org/plugins/lazyest-gallery/changelog	Vendor Advisory
http://www.securityfocus.com/bid/66756
https://exchange.xforce.ibmcloud.com/vulnerabilities/92598

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery::::::wordpress::*
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.1.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.2.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.2:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.3:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.4:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.5:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.6:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.7:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.7.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.8:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.8.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.9:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.9.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.10:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.10.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.11:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.12:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.13:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.14:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.15:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.16:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.1:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.2:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.4:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.18:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.19:::::wordpress::
	cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.19.1:::::wordpress::

History

21 Nov 2024, 02:06

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/57746 - Vendor Advisory~~	() http://secunia.com/advisories/57746 - Vendor Advisory
References	~~() http://wordpress.org/plugins/lazyest-gallery/changelog - Vendor Advisory~~	() http://wordpress.org/plugins/lazyest-gallery/changelog - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/66756 -~~	() http://www.securityfocus.com/bid/66756 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/92598 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/92598 -

Information

Published : 2014-04-11 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-2333

Mitre link : CVE-2014-2333

CVE.ORG link : CVE-2014-2333

JSON object : View

Products Affected

marcel_brinkkemper

lazyest-gallery

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-2333", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-04-11T14:55:05.710", "references": [{"url": "http://secunia.com/advisories/57746", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wordpress.org/plugins/lazyest-gallery/changelog", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/66756", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92598", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57746", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wordpress.org/plugins/lazyest-gallery/changelog", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66756", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92598", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el plugin Lazyest Gallery anterior a 1.1.21 para WordPress permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de una etiqueta EXIF. NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceras partes."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9B53BD3A-05AE-45D6-B2B8-48C4401151C4", "versionEndIncluding": "1.1.20"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "18BC6184-1BFB-4114-96A6-A1495312CB52"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B9CBA3DD-0BFC-441B-8D75-4E7ADD75605E"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8F711E8A-6643-4349-917E-4044165640A3"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.2.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "41FDDBDD-BD33-405D-81CE-80B2B4B9A60E"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FB51BB60-0355-4CA0-8640-F44877BDC4DD"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4A57C877-9541-431F-915C-80D0127487D6"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B0D564CB-6251-4182-9B13-357F33D945F7"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.3.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B528D512-0A57-4358-AEC8-A7488765F9E7"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "511053D1-39D5-43C2-944B-61CD141796ED"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8959F3FE-2FE4-4D41-B397-494F21B0CFAB"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "159A34E3-B5A4-4B96-A40A-342B0980515D"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B7E9EF17-2DB8-495B-8DE8-A869FA518073"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.7.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "70D287C5-1B8A-4FD2-A2DD-2542FA4E25A2"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9040C740-A3E0-4762-9A39-85A820FADD82"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.8.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "368628F4-7E75-4163-9F80-1F3E8F288775"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B74AE703-F193-40DC-B752-7F1CF14B37CD"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.9.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0A16F61F-E7FD-40F6-B747-9764EA7D8897"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6521B9D4-DE11-44C7-B597-66D08F866929"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.10.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "435790C6-FAFB-43AF-87E4-78A541055000"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.11:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "61A64E9E-E887-45B3-AC38-CEE36B0792E4"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.12:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "782E3A9E-C281-435D-B444-57CC0F938CF7"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.13:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4443E0C7-EB94-400A-8DED-0CDD1B84DD9C"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.14:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3134E6A9-27CC-49C1-96C8-F87FDECD9642"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.15:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "12B81587-AD94-47C8-B72B-8BEA4C5E6E22"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.16:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "39395A6E-3246-4213-B831-E44593366416"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AB9E8281-CC40-432F-B828-92C0AC0530FF"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "11DE2509-24D1-4EF4-B4E0-E1116B5C7182"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.17.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C43F651C-2F9E-4C60-873A-BCC1294F1D80"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.18:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9373B31C-8DAB-4BC4-ABC2-FB409C9CF651"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.19:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "937ED353-C41C-4113-B068-E06020F6B7D4"}, {"criteria": "cpe:2.3:a:marcel_brinkkemper:lazyest-gallery:1.1.19.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8567F71C-3DAB-42E9-9C5A-737FFC45FE42"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

2.6 /10