CVE-2022-4058

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4	Exploit Third Party Advisory
https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 - Exploit, Third Party Advisory
Summary		(es) El complemento Photo Gallery de 10Web para WordPress anterior a 1.8.3 no valida ni escapa algunos parámetros antes de volver a generarlos en código JS más adelante en otra página, lo que podría provocar un problema de XSS almacenado cuando un atacante hace que un administrador que ha iniciado sesión abra un archivo malicioso, URL o página bajo su control.

Information

Published : 2022-12-19 14:15

Updated : 2024-11-21 07:34

NVD link : CVE-2022-4058

Mitre link : CVE-2022-4058

CVE.ORG link : CVE-2022-4058

JSON object : View

Products Affected

10web

photo_gallery

CWE

No CWE.

5.4 /10