3 matches found
WordPress Photo Gallery by Ays Plugin < 5.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by Ays Type Plugin Vulnerable versions 5.1.7 Fixed in 5.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2568 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1b5a7b5e5c1c Credits Erwan LR WPScan...
CVE-2023-2568 Photo Gallery by Ays < 5.1.7 - Reflected XSS
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2568
CVE-2023-2568 concerns the WordPress plugin Photo Gallery by Ays . Vulnerable are versions prior to 5.1.7 . The issue arises because the plugin does not escape certain parameters when outputting them in HTML attributes, enabling a Reflected XSS flaw. The documented impact notes that this could be...