alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt"; flow:established,to_server; http.method; content:"GET"; nocase; http.uri; content:"/wp-content/plugins/nextgen-gallery/xml/media-rss.php"; nocase; content:"mode="; nocase; pcre:"/(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:url,www.coresecurity.com/content/nextgen-gallery-xss-vulnerability; reference:cve,2010-1186; classtype:web-application-attack; sid:2011006; rev:5; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, cve CVE_2010_1186, deployment Datacenter, signature_severity Major, tag XSS, tag Cross_Site_Scripting, tag Wordpress, updated_at 2020_09_09;)