Vulnerabilities for 'Envira gallery'

2021-03-18
 
CVE-2021-24126

CWE-79
 

 
In the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, unvalidated input and a lack of output encoding meant that image metadata (namely the title) was not properly sanitised before being output in the generated gallery, which could lead to privilege escalation.

 
2021-01-15
 
CVE-2020-35582

CWE-79
 

 
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.

 
 
CVE-2020-35581

CWE-79
 

 
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.

 



Copyright 2024, cxsecurity.com

 
