Because of these vulnerabilities in DZS Video Gallery plugin, an attacker can execute arbitrary script code in the browser and execute arbitrary OS commands. In that way an attacker can steal cookie-based authentication credentials and launch other attacks.
Upgrade the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
dzs video gallery | le | 7.85 |