4 matches found
WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...
CVE-2022-0873
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is...
CVE-2022-0873 Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is...
CVE-2022-0873
The CVE-2022-0873 entry concerns the WordPress Gmedia Photo Gallery plugin prior to 1.20.0. The connected Nuclei template confirms a Cross-Site Scripting (XSS) vulnerability caused by failure to sanitize/escape the album name when output in pages or posts with a media embed. This could allow high...