CVE-2020-35581

🗓️ 15 Jan 2021 06:23:42Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 74 Views🌐 WEB

CVE-2020-35581: Stored XSS in Envira Gallery Lite before 1.8.3.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2020-35581	15 Jan 202112:50	–	circl
CNNVD	Envira Gallery Lite 跨站脚本漏洞	13 Jan 202100:00	–	cnnvd
CNVD	Envira Gallery Lite Cross-Site Scripting Vulnerability (CNVD-2021-11280)	19 Jan 202100:00	–	cnvd
Cvelist	CVE-2020-35581	15 Jan 202106:23	–	cvelist
EUVD	EUVD-2020-23247	7 Oct 202500:30	–	euvd
NVD	CVE-2020-35581	15 Jan 202107:15	–	nvd
OpenVAS	WordPress Envira Photo Gallery Plugin < 1.8.3.3 Multiple Vulnerabilities	19 Mar 202100:00	–	openvas
Packet Storm	Envira Gallery Lite 1.8.3.2 Cross Site Scripting	13 Jan 202100:00	–	packetstorm
Prion	Cross site scripting	15 Jan 202107:15	–	prion
RedhatCVE	CVE-2020-35581	22 May 202515:46	–	redhatcve

NVD

Node

Source	Link
github	www.github.com/enviragallery/envira-gallery-lite/commit/102651514e6faca914ec1c7e113def340d8e1e09
github	www.github.com/enviragallery/envira-gallery-lite/blob/master/changelog.txt
github	www.github.com/enviragallery/envira-gallery-lite/commit/3b081dd10a1731f8cd981bebeac0e775fb217acf
packetstormsecurity	www.packetstormsecurity.com/files/160924/Envira-Gallery-Lite-1.8.3.2-Cross-Site-Scripting.html

Parameter	Position	Path	Description	CWE
meta[title]	request body	wp-admin/admin-ajax.php	Stored XSS via meta[title] parameter in admin-ajax.php	CWE-79
post_title	request body	wp-admin/post.php	Stored XSS via post_title parameter in post.php	CWE-79

21 Nov 2024 05:27Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.15.4

EPSS0.00471