Vulnerabilities (CVE)

Filtered by vendor Codeasily Subscribe

Filtered by product Grand Flagallery

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2011-4624	1 Codeasily	1 Grand Flagallery	2018-10-09	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
CVE-2014-8491	1 Codeasily	1 Grand Flagallery	2017-11-08	5.0 MEDIUM	5.3 MEDIUM
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.