3 matches found
CVE-2020-35582
A stored cross-site scripting XSS issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...
CVE-2020-35582
A stored cross-site scripting XSS issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the posttitle parameter...
CVE-2020-35582
CVE-2020-35582 affects Envira Gallery Lite prior to 1.8.3.3. It is a stored cross-site scripting (XSS) vulnerability: an attacker can inject arbitrary JavaScript/HTML via the post_title parameter in a POST to /wp-admin/post.php. The vulnerability is associated with Envira Gallery Lite, with affec...