Title:Persistent XSS in NextCellent Gallery 1.9.13 WordPress plugin
The user supplied data for the Alt & Title Text field isn't escaped before being printed out in the value field:
Vulnerability
from nextcellent-gallery-nextgen-legacy/admin/manage-images.php lines:
503
Any user with "NextGEN Upload images" or "NextGEN Manage gallery" or "NextGEN Manage others gallery" access can conduct an XSS attack against a user with the Administrator role, in order to gain privileges.