Lucene search
Dnr6419WPVDB-ID:F7A0DF37-3204-4926-84EC-2204A2F22DE3HistoryMay 16, 2022 - 12:00 a.m.
Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
2022-05-1600:00:00
dnr6419
wpscan.com
18
photo gallery
vulnerability
admin+
cross-site scripting
unfiltered_html
web browser
inspector
payload
settings
watermark
text
number
general tab
EPSS
0.001
Percentile
24.8%
The plugin does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
PoC
Go to Photo Gallery > Global Settings > Watermark Using the web browser inspector, change the input type of the “Watermark font size” and “Watermark opacity” fields from number to text, and put the following payload in them, then save: " autofocus onfocus=alert(/XSS/)// Other settings which should be number (such as “Number of preloaded images” in the General tab) are also affected
Related
openvas
openvas
WordPress Photo Gallery Plugin < 1.6.4 XSS Vulnerability
2022-06-10 00:00:00
prion
prion
Cross site scripting
2022-06-08 10:15:00
patchstack
patchstack
cnvd
cnvd
WordPress Photo Gallery plugin cross-site scripting vulnerability
2022-06-13 00:00:00
cvelist
cvelist
CVE-2022-1394 Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
2022-06-06 08:50:56
wpexploit
wpexploit
Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
2022-05-16 00:00:00
nvd
nvd
CVE-2022-1394
2022-06-08 10:15:09
cve
cve
CVE-2022-1394
2022-06-08 10:15:09