Lucene search
China National Vulnerability DatabaseCNVD-2022-86359HistoryNov 30, 2022 - 12:00 a.m.
WordPress Photospace Gallery plugin cross-site scripting vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
wordpress
photospace gallery
cross-site scripting
0.001 Low
EPSS
Percentile
21.5%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Photospace Gallery plugin 2.3.5 and its previous versions are vulnerable to cross-site scripting, which stems from insufficient input cleanup and output escaping, and the settings parameters saved via the update() function are vulnerable to stored cross-site scripting. An authenticated attacker could use the vulnerability to inject cross-site code and launch an XSS attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress photospace gallery plugin | le | 2.3.5 |
Related
nvd
nvd
CVE-2022-3991
2022-11-29 21:15:11
prion
prion
Cross site scripting
2022-11-29 21:15:00
cvelist
cvelist
CVE-2022-3991
2022-11-29 20:43:32
wpvulndb
wpvulndb
Photospace Gallery <= 2.3.5 - Subscriber+ Stored Cross-Site Scripting
2022-11-14 00:00:00
cve
cve
CVE-2022-3991
2022-11-29 21:15:11