Lucene search
K

8 matches found

NVD
NVD
added 2021/06/01 2:15 p.m.25 views

CVE-2021-24310

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery i...

4.8CVSS0.01131EPSS
Exploits2References1
Prion
Prion
added 2021/06/01 2:15 p.m.39 views

Cross site scripting

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery i...

3.5CVSS5.3AI score0.04609EPSS
Exploits6References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/12 12:0 a.m.34 views

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117 PoC...

6.1CVSS1.2AI score0.04609EPSS
Exploits6Affected Software1
Packet Storm
Packet Storm
added 2019/09/10 12:0 a.m.245 views

WordPress Photo Gallery 1.5.34 Cross Site Scripting

Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full Disclosu...

4.3CVSS5.7AI score0.05303EPSS
Exploits8
exploitpack
exploitpack
added 2019/09/10 12:0 a.m.93 views

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded...

4.3CVSS0.2AI score0.04609EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.300 views

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting

Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full Disclosu...

6.1CVSS6AI score0.04609EPSS
Exploits5
Cvelist
Cvelist
added 2019/09/08 10:49 p.m.53 views

CVE-2019-16117

Cross site scripting XSS in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php...

5.6AI score0.04609EPSS
Exploits5References4
CVE
CVE
added 2019/09/08 10:49 p.m.155 views

CVE-2019-16117

CVE-2019-16117 affects the WordPress plugin Photo Gallery by 10Web, with XSS in the gallery title parsed via admin/models/Galleries.php. Affected versions are prior to 1.5.35. Root cause: insufficient sanitization/escaping of gallery title, enabling stored XSS that can trigger when listing or vie...

6.1CVSS5.5AI score0.04609EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder