3 matches found
CVE-2024-11853 jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-11853
CVE-2024-11853: The jAlbum Bridge plugin for WordPress (versions up to and including 2.0.15) is vulnerable to Stored Cross-Site Scripting via the ar parameter. An authenticated attacker with Contributor-level access can inject scripts that execute in pages viewed by users. A patch/upgrade to a ve...
CVE-2024-11853 jAlbum Bridge <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...