Stored XSS Vulnerability in Image Gallery with Slideshow Plugin by WordPress
CVE-2017-1002011

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Image-gallery-with-slideshow
Vendor: CVE Published:; 14 September 2017

Summary

A vulnerability exists in the Image Gallery with Slideshow plugin for WordPress, specifically in version 1.5.2. This flaw allows authenticated users with permissions to modify or add galleries and images to inject malicious JavaScript code into the database. The vulnerability arises from improper sanitization of user input in the 'gallery_name' and 'gallery_description' fields. If exploited, this could enable attackers to execute arbitrary scripts in the context of other users viewing the gallery, potentially leading to data theft or session hijacking.

Affected Version(s)

image-gallery-with-slideshow < 1.5.2

References

https://wordpress.org/plugins/image-gallery-with-slideshow/

x_refsource_MISC

http://www.vapidlabs.com/advisory.php?v=189

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 14, 2017