Lucene search
+L

26 matches found

redhatcve
redhatcve
added 2025/11/21 7:33 a.m.5 views

CVE-2025-5092

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00213EPSS
Exploits0References1
nvd
nvd
added 2025/11/20 3:17 p.m.9 views

CVE-2025-5092

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00213EPSS
Exploits0References7
vulnersosv
vulnersosv
added 2025/11/20 7:41 a.m.19 views

@aurehxa/componentstest (>=1.0.0 <=1.0.1), @codesyntax/ionic-react-photo-viewer (>=1.0.0 <=1.7.0) +58 more potentially affected by CVE-2025-5092 via lightgallery (>=1.10.0 <=2.9.0)

lightgallery NPM version =1.10.0, =1.0.0, =1.0.0, =0.1.139, =2.9.6, =1.7.8, =1.0.183, =1.0.1, =2.0.1, =1.0.0, =0.0.2, =0.0.1, =3.3.0, =1.0.3, =1.0.57 and more Source cves: CVE-2025-5092 Source advisory: SNYK:JS-LIGHTGALLERY-14101882...

6.4CVSS5.7AI score0.00213EPSS
Exploits0
snyk
snyk
added 2025/11/20 7:41 a.m.10 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:lightgallery is an A lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient input sanitization and output escaping of attributes. An attacker can...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References2
snyk
snyk
added 2025/11/20 7:41 a.m.3 views

Cross-site Scripting (XSS)

Overview lightgallery is an A lightweight, customizable, modular, responsive, lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient input sanitization and output escaping of attributes. An attacker can execute arbitrary w...

6.4CVSS5.9AI score0.00213EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/20 6:38 a.m.12 views

CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00213EPSS
Exploits0References7
euvd
euvd
added 2025/11/20 6:38 a.m.10 views

EUVD-2025-198262

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00213EPSS
Exploits0References11
cve
cve
added 2025/11/20 6:38 a.m.68 views

CVE-2025-5092

CVE-2025-5092 is an authenticated (Contributor+) DOM-based stored XSS issue found in WordPress plugins/themes that bundle the lightGallery library (versions

6.4CVSS5.2AI score0.00213EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2025/11/20 6:38 a.m.5 views

CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.2AI score0.00213EPSS
Exploits0References7
osv
osv
added 2025/11/20 6:38 a.m.9 views

CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00213EPSS
Exploits0References9
patchstack
patchstack
added 2025/11/20 2:34 a.m.11 views

WordPress LightGallery WP plugin <= 1.0.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin LightGallery WP versions = 1.0.5...

6.4CVSS5.7AI score0.00213EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.7 views

PT-2025-47557

Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library = 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00213EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/11/20 12:0 a.m.9 views

WordPress plugin theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

6.4CVSS5.6AI score0.00213EPSS
Exploits0References7
osv
osv
added 2025/06/11 3:30 p.m.5 views

GHSA-W5PX-5878-M9X4 Drupal Lightgallery Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...

6.3CVSS6.5AI score0.00278EPSS
Exploits0References2
github
github
added 2025/06/11 3:30 p.m.10 views

Drupal Lightgallery Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...

7.1CVSS6.5AI score0.00278EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2025/06/11 3:15 p.m.11 views

CVE-2025-48447

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...

7.1CVSS0.00278EPSS
Exploits0References1
osv
osv
added 2025/06/11 3:15 p.m.13 views

CVE-2025-48447

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...

7.1CVSS5.8AI score0.00278EPSS
Exploits0References1
cve
cve
added 2025/06/11 2:37 p.m.55 views

CVE-2025-48447

CVE-2025-48447 affects Drupal Lightgallery prior to 1.6.0. The issue is described as improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.6.0, with remediation to update to 1.6.0 or later (per PT-2025-25222). Publi...

7.1CVSS6.5AI score0.00278EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/06/11 2:37 p.m.6 views

CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...

6.6AI score0.00278EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/11 2:37 p.m.17 views

CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS.This issue affects Lightgallery: from 0.0.0 before 1.6.0...

0.00278EPSS
Exploits0References1
Rows per page
Query Builder