CVE-2022-4058

Published: Dec 19, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

Affected (1)

Products: 10web: Photo Gallery

10web

1 product

Photo Gallery

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
10web Photo Gallery	Before 1.8.3

References (2)

https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.