26 matches found
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
@aurehxa/componentstest (>=1.0.0 <=1.0.1), @codesyntax/ionic-react-photo-viewer (>=1.0.0 <=1.7.0) +58 more potentially affected by CVE-2025-5092 via lightgallery (>=1.10.0 <=2.9.0)
lightgallery NPM version =1.10.0, =1.0.0, =1.0.0, =0.1.139, =2.9.6, =1.7.8, =1.0.183, =1.0.1, =2.0.1, =1.0.0, =0.0.2, =0.0.1, =3.3.0, =1.0.3, =1.0.57 and more Source cves: CVE-2025-5092 Source advisory: SNYK:JS-LIGHTGALLERY-14101882...
Cross-site Scripting (XSS)
Overview lightgallery is an A lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient input sanitization and output escaping of attributes. An attacker can execute arbitrary w...
Cross-site Scripting (XSS)
Overview org.webjars.npm:lightgallery is an A lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient input sanitization and output escaping of attributes. An attacker can...
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-198262
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-5092
CVE-2025-5092 is an authenticated (Contributor+) DOM-based stored XSS issue found in WordPress plugins/themes that bundle the lightGallery library (versions
WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin LightGallery WP versions = 1.0.5...
PT-2025-47557
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin theme 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
Drupal Lightgallery Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
GHSA-W5PX-5878-M9X4 Drupal Lightgallery Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447
CVE-2025-48447 affects Drupal Lightgallery prior to 1.6.0. The issue is described as improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.6.0, with remediation to update to 1.6.0 or later (per PT-2025-25222). Publi...
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...