CVE-2025-0721

Опубликовано: 27 янв. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

CVSS2: 5

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://vuldb.com/?ctiid.293481
Permissions Required
VDB Entry
https://vuldb.com/?id.293481
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.482812
Third Party Advisory
VDB Entry
https://www.websecurityinsights.my.id/2025/01/imagegallery-viewphpusername-cross-site.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:needyamin:image_gallery_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00087

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-28rh-grjq-98g6

CVSS3: 4.3

github

10 месяцев назад

A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 26%

0.00087

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-79