Photo Gallery < 1.8.3 - Stored XSS via CSRF
CVE-2022-4058

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Photo Gallery By 10web
Vendor: CVE Published:; 19 December 2022

Summary

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

Affected Version(s)

Photo Gallery by 10Web 0 < 1.8.3

References

https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Nov 18, 2022

Credit

Krzysztof Zając