CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24882 – Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24882
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin Slideshow Gallery de WordPress versiones anteriores a 1.7.4, no sanea ni escapa de los campos "Title" de la diapositiva, "Description" y "Title" de la galería, que podría permitir a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/6d71816c-8267-4b84-9087-191fbb976e72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18017 – Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-18017
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a un Cross-site scripting (XSS) a través del parámetro wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] o Gallery[title]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18019 – Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-18019
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a un Cross-site scripting (XSS) a través del parámetro wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], o Slide[image_url]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18018 – Slideshow Gallery <= 1.6.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-18018
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a una inyección SQL a través del parámetro wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] o Gallery[title]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17946 – Slideshow Gallery <= 1.6.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-17946
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. El plugin Tribulant Slideshow Gallery en versiones anteriores a la 1.6.6.1 para WordPress tiene Cross-Site Scripting (XSS) mediante los parámetros id, method, Gallerymessage, Galleryerror o Galleryupdated. The Tribulant Slideshow Gallery plugin before 1.6.6 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. • http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf https://wordpress.org/plugins/slideshow-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •