Lucene search

[email protected]NVD:CVE-2022-4058

HistoryDec 19, 2022 - 2:15 p.m.

CVE-2022-4058

2022-12-1914:15:11

[email protected]

web.nvd.nist.gov

cve-2022-4058

stored xss

wordpress plugin

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

25.1%

JSON

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

Affected configurations

Nvd

Node

10webphoto_galleryRange<1.8.3wordpress

VendorProductVersionCPE
10webphoto_gallery*cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
10web	photo_gallery	*	cpe:2.3:a:10web:photo_gallery::::::wordpress::*

References

wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4