PT-2017-11000 · Unknown · Image-Gallery-With-Slideshow

Larry W. Cashdollar

Publicado

2017-09-14

Atualizado

2017-09-20

CVE-2017-1002011

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions image-gallery-with-slideshow version 1.5.2

Description The issue is related to a stored XSS vulnerability. This vulnerability can be exploited via the gallery name and gallery description variables, allowing attackers with privileges to modify or add galleries/images to inject JavaScript into the database.

Recommendations For version 1.5.2, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to modify or add galleries/images to trusted users only, and avoid using the gallery name and gallery description variables in a way that could allow JavaScript injection until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-1002011

Produtos afetados

Image-Gallery-With-Slideshow

PT-2017-11000 · Unknown · Image-Gallery-With-Slideshow

CVE-2017-1002011

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4