Lucene search
MistbornWPEX-ID:C028CD73-F30A-4C8B-870F-3071055F0496HistoryFeb 14, 2024 - 12:00 a.m.
Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting
2024-02-1400:00:00
Mistborn
42
cross site scripting
stored
vulnerability
file upload
gallery
exploit
Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
1. Add a New gallery, and click on the "Add files" button to add content.
2. Now add a description for this content with the XSS payload and save the changes: <script>alert('XSS');</script>
3. Click on the "cg_gallery_no_voting" that redirects to the page to display the content. It will appear in the pop-up alert.Related
wpvulndb
wpvulndb
vulnrichment
vulnrichment
cvelist
cvelist
prion
prion
Cross site scripting
2024-03-11 18:15:00
nvd
nvd
CVE-2024-1487
2024-03-11 18:15:18
cve
cve
CVE-2024-1487
2024-03-11 18:15:18
AI Score
6.1
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:C028CD73-F30A-4C8B-870F-3071055F0496