← Retour aux CVEs
CVE-2022-4058
MEDIUM5.4
Description
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
Details CVE
Score CVSS v3.15.4
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie12/19/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
10web:photo_gallery
References
https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4(contact@wpscan.com)
https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.