CVE-2023-0060Cross-site Scripting in Gallery Grid Project Responsive Gallery Grid

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 58.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Responsive Gallery Grid Project Responsive Gallery Grid
Timeline
PublishedFeb 13

Description

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS2023-02-13
GHSA
GHSA-c4wh-9r99-65c7: The Responsive Gallery Grid WordPress plugin before 22023-02-13
CVE-2023-0060 — Cross-site Scripting | cvebase