5 matches found
CVE-2023-5307
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...
CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...
CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...
CVE-2023-5307
CVE-2023-5307 affects the Photos and Files Contest Gallery WordPress plugin (versions prior to 21.2.8.1). The vulnerability is an unauthenticated stored XSS via HTTP headers caused by insufficient sanitisation/escaping of certain parameters in the plugin’s contact form. Impact is logged as Cross-...
WordPress Contest Gallery Plugin < 21.2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Contest Gallery Type Plugin Vulnerable versions 21.2.8.1 Fixed in 21.2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5307 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID 79977d335b6c Credits Dmitrii...