Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
1. Add a New gallery, and click on the “Add files” button to add content. 2. Now add a description for this content with the XSS payload and save the changes: 3. Click on the “cg_gallery_no_voting” that redirects to the page to display the content. It will appear in the pop-up alert.