CVE-2020-9335: XSS
First published: Tue Feb 25 2020(Updated: )
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Photo Gallery | <1.5.46 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9335?
CVE-2020-9335 is a vulnerability in the 10Web Photo Gallery plugin before version 1.5.46 for WordPress, which allows an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
What is the severity of CVE-2020-9335?
The severity of CVE-2020-9335 is medium with a CVSS score of 4.8.
How can the CVE-2020-9335 vulnerability be exploited?
The vulnerability can be exploited by an authenticated admin user who injects arbitrary JavaScript code that is then viewed by other users.
How do I fix CVE-2020-9335?
To fix CVE-2020-9335, update the 10Web Photo Gallery plugin to version 1.5.46 or later.
What is CWE-79?
CWE-79 is a vulnerability category known as Cross-Site Scripting (XSS), which allows an attacker to inject malicious scripts into web pages viewed by other users.
- collector/nvd-index
- vendor/10web
- canonical/10web photo gallery