5 matches found
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control...
WordPress Photo Gallery by 10Web Plugin < 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by 10Web Type Plugin Vulnerable versions 1.8.3 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4058 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ee71d42f5999 Credits Krzysztof Zając...
WordPress Photo Gallery Plugin < 1.8.3 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control...
CVE-2022-4058
CVE-2022-4058 affects the WordPress plugin Photo Gallery by 10Web, versions before 1.8.3. The root cause is failure to validate/escape certain parameters before outputting them in JavaScript on another page, enabling a Stored XSS when a logged-in admin visits a crafted URL. The CVSS base score is...