photo-gallery Plugin fino 1.5.34 su WordPress Options.php cross site scripting

voceeditHistoryDiffjsonxmlCTI

Una vulnerabilità di livello problematico è stata rilevata in photo-gallery Plugin fino 1.5.34 su WordPress (Photo Gallery Software). Da questa vulnerabilità è interessato una funzione sconosciuta del file admin/controllers/Options.php. L'aggiornamento alla versione 1.5.35 elimina questa vulnerabilità.

Campo09/09/2019 07:2015/08/2020 20:47
namephoto-gallery Pluginphoto-gallery Plugin
version<=1.5.34<=1.5.34
platformWordPressWordPress
fileadmin/controllers/Options.phpadmin/controllers/Options.php
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.73.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss3_meta_basescore5.25.2
cvss3_meta_tempscore4.94.9
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.14.1
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
date1567900800 (08/09/2019)1567900800 (08/09/2019)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version1.5.351.5.35
cveCVE-2019-16118CVE-2019-16118
seealso141401 141403141401 141403
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore6.16.1
typePhoto Gallery Software
cwe079 (cross site scripting)
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cve_assigned1567900800
cve_nvd_summaryCross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

Do you know our Splunk app?

Download it now for free!