Home > Vulnerability Database > CVE-2022-4058

Mend.io Vulnerability Database

CVE-2022-4058

Date: December 19, 2022

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

Language: PHP

Severity Score

5.4

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4058

Url: https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4

Url: https://www.mend.io/vulnerability-database/CVE-2022-4058

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4058

Date: December 19, 2022

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?