CVE-2017-1002011 Information

Description

Vulnerability in the WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.vapidlabs.com/advisory.php?v=189

https://wordpress.org/plugins/image-gallery-with-slideshow/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM