Lucene search
+L

4 matches found

nvd
nvd
added 2023/02/13 3:15 p.m.23 views

CVE-2023-0151

The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00477EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/02/13 2:32 p.m.5 views

CVE-2023-0151 uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS

The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00477EPSS
Exploits2References1
cve
cve
added 2023/02/13 2:32 p.m.45 views

CVE-2023-0151

CVE-2023-0151 affects the WordPress plugin uTubeVideo Gallery prior to version 2.0.8. The vulnerability arises from insufficient validation and escaping of shortcode attributes, which can be reflected in pages/posts where the shortcode is embedded. This can allow a user with the Contributor role ...

5.4CVSS5.3AI score0.00477EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2023/01/17 12:0 a.m.7 views

WordPress uTubeVideo Gallery Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software uTubeVideo Gallery Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0151 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5e937ba797ce Credits Lana Codes Requir...

5.4CVSS5.6AI score0.00477EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder