exploitDog

CVE-2020-9335

Опубликовано: 25 фев. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.

Ссылки

https://wordpress.org/plugins/photo-gallery/#developers
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10088
Third Party Advisory
https://wordpress.org/plugins/photo-gallery/#developers
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10088
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

Версия до 1.5.46 (исключая)

EPSS

Процентиль: 67%

0.00549

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w9fx-5hwq-7jrx

github

больше 3 лет назад

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.

EPSS

Процентиль: 67%

0.00549

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79