CVE-2008-7175

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

Published: Sep 8, 2009
Updated: Nov 9, 2025
CVE: CVE-2008-7175
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
alex_rabe / nextgen_gallery	-	0.96.x
alex_rabe / nextgen_gallery	0.33	0.33.x
alex_rabe / nextgen_gallery	0.34	0.34.x
alex_rabe / nextgen_gallery	0.35	0.35.x
alex_rabe / nextgen_gallery	0.36	0.36.x
alex_rabe / nextgen_gallery	0.37	0.37.x
alex_rabe / nextgen_gallery	0.39	0.39.x
alex_rabe / nextgen_gallery	0.40	0.40.x
alex_rabe / nextgen_gallery	0.41	0.41.x
alex_rabe / nextgen_gallery	0.42	0.42.x
alex_rabe / nextgen_gallery	0.43	0.43.x
alex_rabe / nextgen_gallery	0.50	0.50.x
alex_rabe / nextgen_gallery	0.51	0.51.x
alex_rabe / nextgen_gallery	0.52	0.52.x
alex_rabe / nextgen_gallery	0.60	0.60.x
alex_rabe / nextgen_gallery	0.61	0.61.x
alex_rabe / nextgen_gallery	0.62	0.62.x
alex_rabe / nextgen_gallery	0.63	0.63.x
alex_rabe / nextgen_gallery	0.64	0.64.x
alex_rabe / nextgen_gallery	0.70	0.70.x
alex_rabe / nextgen_gallery	0.71	0.71.x
alex_rabe / nextgen_gallery	0.72	0.72.x
alex_rabe / nextgen_gallery	0.73	0.73.x
alex_rabe / nextgen_gallery	0.74	0.74.x
alex_rabe / nextgen_gallery	0.80	0.80.x
alex_rabe / nextgen_gallery	0.81	0.81.x
alex_rabe / nextgen_gallery	0.82	0.82.x
alex_rabe / nextgen_gallery	0.83	0.83.x
alex_rabe / nextgen_gallery	0.90	0.90.x
alex_rabe / nextgen_gallery	0.91	0.91.x
alex_rabe / nextgen_gallery	0.92	0.92.x
alex_rabe / nextgen_gallery	0.93	0.93.x
alex_rabe / nextgen_gallery	0.94	0.94.x
alex_rabe / nextgen_gallery	0.95	0.95.x

Vulnerability Database

313,825

CVE-2008-7175

Deep Security Visibility Without the Complexity