Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitSunCSR (Sun Cyber Security Research)WPEX-ID:F3952BD1-AC2F-4007-9E19-6C44A22465F3
HistoryDec 19, 2020 - 12:00 a.m.

Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting

2020-12-1900:00:00
SunCSR (Sun Cyber Security Research)
281
JSON

The plugin does not properly sanitise the images metadata (namely title) before outputting them in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks (even without the unfiltered_html capability) against users visiting the gallery in the frontend.

As an editor+, add an image to a gallery and set its title (via the metadata) to <img src onerror=alert(/XSS/)>. Then view a page where the gallery is embed.

https://drive.google.com/open?id=1G15mMK4mLFV5VUL_vWxpbbBDworjciiM

Related

cve 1
wpvulndb 1
prion 1
cve
cve
CVE-2021-24126
2021-03-18 15:15:00
wpvulndb
wpvulndb
Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting
2020-12-19 00:00:00
prion
prion
Privilege escalation
2021-03-18 15:15:00
JSON
Related for WPEX-ID:F3952BD1-AC2F-4007-9E19-6C44A22465F3
cve1wpvulndb1prion1