PT-2021-11862 · Unknown · 4Images Image Gallery Management System
Published: 2021-01-25 · Updated: 2024-03-06 · CVE-2020-35853
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
4images Image Gallery Management System version 1.7.11
Description:
The issue is a cross-site scripting (XSS) vulnerability in the Image URL, which allows an attacker to inject an XSS payload. The payload triggers every time a user visits the affected URL and, depending on how it is crafted, can enable the attacker to steal cookies.
Recommendations:
For 4images Image Gallery Management System version 1.7.11, update the software to a version that fixes the XSS issue in the Image URL, so that user cookies are protected from theft.
Exploit
Fix
XSS
Affected Products
4Images Image Gallery Management System