CVE-2022-27853
Published: 2022-04-18
CVE-2022-27853: Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
Priority P4 · 19 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.50% (39.0th percentile)
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contest-gallery | contest_gallery | <= 13.1.0.9 | — |
| contest_gallery | contest_gallery | <= 13.1.0.9 | — |
CVSS provenance
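| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_cisco | | 4.7 | MEDIUM | |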
GHSA
GHSA-hqfw-qph2-8f38: Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13
ghsa_unreviewed·2022-04-19
CVE-2022-27853 [MEDIUM] CWE-79 GHSA-hqfw-qph2-8f38: Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13
Cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
vendor_cisco·2022-09-27·CVSS 4.7
CVE-2021-27853 [MEDIUM] CWE-284 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
On September 27, 2022, the following vulnerabilities affecting Cisco products were disclosed by CERT/CC as part of VU855201, titled "L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers":
CVE-2021-27853: Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using a combination of VLAN 0 headers and LLC/SNAP headers.
CVE-2021-27854: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using a combination of VLAN 0 headers, LLC/SNAP headers in Ethernet to Wifi frame translation, and in the reverse—Wifi to Ethernet.
CVE-2021-27861: Layer 2 network filtering capabilities such as IPv6 RA guard can be byp
Cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
vendor_cisco·CVSS 3.1
CVE-2021-27862 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
Cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
vendor_cisco·CVSS 3.1
CVE-2021-27854 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
Cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
vendor_cisco·CVSS 3.1
CVE-2021-27853 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
Cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
vendor_cisco·CVSS 3.1
CVE-2021-27861 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-13-1-0-9-authenticated-stored-cross-site-scripting-xss-vulnerability
https://wordpress.org/plugins/contest-gallery/
Published: 2022-04-18