CVE-2023-5307

Severity
6.1 MEDIUM
EPSS
1.0%
top 22.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 31

Description

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages
2 packages

Vulnerability Details (2)

CVEList
Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
2023-10-31
GHSA
GHSA-hmf3-8cx7-g4jw: The Photos and Files Contest Gallery WordPress plugin before 21
2023-10-31