Limb Gallery < 1.4.0 – Reflected Cross-Site Scripting | CVE 2019-14790

Description

The plugin does not sanitise and escape the task parameter before outputing back in a JavaScript context via the grsGalleryAjax AJAx action 9available to both unauthenticated and authenticated users), leading to a reflected cross-Site Scripting

Proof of Concept

https://example.comwp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode&task=</script><img src onerror=alert(`XSS`)>

Affects Plugins

limb-gallery

Fixed in 1.4.0

References

CVE

CVE-2019-14790

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

Yes

WPVDB ID

1029601d-3083-41d8-962c-d2067eab4b5b

Timeline

Publicly Published

2019-06-26 (about 6 years ago)

Added

2019-08-20 (about 6 years ago)

Last Updated

2022-03-05 (about 4 years ago)

Other

Published

Title

Published

2024-03-25

Title

Responsive Tabs < 4.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-02-15

Title

Archivist - Custom Archive Templates < 1.7.5 - Admin+ Stored XSS

Published

2024-12-16

Title

Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-09-06

Title

Carrot <= 1.1.0 - Admin+ Stored XSS

Published

2022-05-23

Title

Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting