Lucene search
K

5 matches found

NVD
NVD
added 2023/10/31 2:15 p.m.26 views

CVE-2023-5307

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...

6.1CVSS6AI score0.00501EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/10/31 1:54 p.m.10 views

CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...

6.4AI score0.00501EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/10/31 1:54 p.m.25 views

CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...

6.2AI score0.00501EPSS
Exploits2References2
CVE
CVE
added 2023/10/31 1:54 p.m.63 views

CVE-2023-5307

CVE-2023-5307 affects the Photos and Files Contest Gallery WordPress plugin (versions prior to 21.2.8.1). The vulnerability is an unauthenticated stored XSS via HTTP headers caused by insufficient sanitisation/escaping of certain parameters in the plugin’s contact form. Impact is logged as Cross-...

6.1CVSS6AI score0.00501EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/10/31 12:0 a.m.13 views

WordPress Contest Gallery Plugin < 21.2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Contest Gallery Type Plugin Vulnerable versions 21.2.8.1 Fixed in 21.2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5307 Patch priority Medium CVSS severity Medium 7.1 Developer Wasiliy Strecker PSID 79977d335b6c Credits Dmitrii...

6.1CVSS5.6AI score0.00501EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder