Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-86359
HistoryNov 30, 2022 - 12:00 a.m.

WordPress Photospace Gallery plugin cross-site scripting vulnerability

2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
10

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Photospace Gallery plugin 2.3.5 and its previous versions are vulnerable to cross-site scripting, which stems from insufficient input cleanup and output escaping, and the settings parameters saved via the update() function are vulnerable to stored cross-site scripting. An authenticated attacker could use the vulnerability to inject cross-site code and launch an XSS attack.

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Related for CNVD-2022-86359