PT-2017-11000 · Unknown · Image-Gallery-With-Slideshow

Larry W. Cashdollar

Published

2017-09-14

Updated

2017-09-20

CVE-2017-1002011

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions image-gallery-with-slideshow version 1.5.2

Description The issue is related to a stored XSS vulnerability. This vulnerability can be exploited via the gallery name and gallery description variables, allowing attackers with privileges to modify or add galleries/images to inject JavaScript into the database.

Recommendations For version 1.5.2, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to modify or add galleries/images to trusted users only, and avoid using the gallery name and gallery description variables in a way that could allow JavaScript injection until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-1002011

Affected Products

Image-Gallery-With-Slideshow

PT-2017-11000 · Unknown · Image-Gallery-With-Slideshow

CVE-2017-1002011

Weakness Enumeration

Related Identifiers

Affected Products

References · 4