CVE-2023-41658

2023-09-2914:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-41658

unauthenticated

reflected xss

cross-site scripting

i thirteen web solution

photo gallery

slideshow

masonry tiled gallery

nvd

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

20.2%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.

Affected configurations

Nvd

Vulners

Node

i13websolutionweb_solution_photo_gallery_slideshow_\&_masonry_tiled_galleryRange≤1.0.13wordpress

VendorProductVersionCPE
i13websolutionweb_solution_photo_gallery_slideshow_\&_masonry_tiled_gallery*cpe:2.3:a:i13websolution:web_solution_photo_gallery_slideshow_\&_masonry_tiled_gallery:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
i13websolution	web_solution_photo_gallery_slideshow_\&_masonry_tiled_gallery	*	cpe:2.3:a:i13websolution:web_solution_photo_gallery_slideshow_\&_masonry_tiled_gallery::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-responsive-photo-gallery",
    "product": "Photo Gallery Slideshow & Masonry Tiled Gallery",
    "vendor": "I Thirteen Web Solution",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.14",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.13",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-responsive-photo-gallery/wordpress-photo-gallery-slideshow-masonry-tiled-gallery-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve