2 matches found
WordPress Image Photo Gallery Final Tiles Grid Plugin < 3.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Image Photo Gallery Final Tiles Grid Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3710 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID af002133dcff Credits Dmitr...
CVE-2024-3710 Image Photo Gallery Final Tiles Grid < 3.6.0 - Contributor+ Stored XSS
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...