| Summary | The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
|---|---|
| Publication Date | Oct. 9, 2024, 3:15 p.m. |
| Registration Date | Oct. 9, 2024, 8 p.m. |
| Last Update | Nov. 6, 2024, 4:36 a.m. |
| Title | TenWeb, Inc. の WordPress 用 Photo Gallery におけるクロスサイトスクリプティングの脆弱性 |
|---|---|
| Summary | TenWeb, Inc. の WordPress 用 Photo Gallery には、クロスサイトスクリプティングの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution | 参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Oct. 9, 2024, midnight |
| Registration Date | May 7, 2025, 4:59 p.m. |
| Last Update | May 7, 2025, 4:59 p.m. |
| TenWeb, Inc. |
| Photo Gallery 1.8.28 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年05月07日] 掲載 |
May 7, 2025, 4:59 p.m. |