Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Unknown - Photo Gallery, Images, Slider in Rbs Image Gallery

cve-2023-3499

Vulnerability from cvelistv5

Published

2023-09-04 11:27

Modified

2024-08-02 06:55

Severity ?

Summary

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

References

▼	URL	Tags
	https://wpscan.com/vulnerability/ea29413b-494e-410e-ae42-42f96284899c	exploit, vdb-entry, technical-description

Impacted products

Vendor

Product

Version

▼

Unknown

Photo Gallery, Images, Slider in Rbs Image Gallery

Version: 0 < 3.2.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/ea29413b-494e-410e-ae42-42f96284899c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Photo Gallery, Images, Slider in Rbs Image Gallery",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.2.16",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Felipe Restrepo Rodriguez"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-04T23:14:26.061Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/ea29413b-494e-410e-ae42-42f96284899c"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Robo Gallery \u003c 3.2.16 - Admin+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-3499",
    "datePublished": "2023-09-04T11:27:01.030Z",
    "dateReserved": "2023-07-03T20:44:41.304Z",
    "dateUpdated": "2024-08-02T06:55:03.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10102