NextCellent Gallery <= 1.9.35 – Admin+ Stored XSS | CVE 2022-1971 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Create/edit a gallery with at least one image, put the following payload in the "Alt & Title Text" field: State of Mind"autofocus onfocus=alert(/XSS/)//

Save the changes (via the button next to the Apply button). The XSS will be triggered when editing the Gallery again

Affects Plugins

nextcellent-gallery-nextgen-legacy

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

lucy

Submitter

lucy

Verified

Yes

WPVDB ID

1bffbbef-7876-43a6-9cb0-6e09bb4ff2b0

Timeline

Publicly Published

2022-06-06 (about 1 years ago)

Added

2022-06-06 (about 1 years ago)

Last Updated

2023-03-09 (about 1 years ago)

Other

Published

Title

Published

2024-04-15

Title

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via title_tag

Published

2023-10-18

Title

WhatsApp Share Button <= 1.0.1 - Contributor+ Stored XSS

Published

2015-08-28

Title

Thumbnail Carousel Slider < 1.0.1 - Stored Cross-Site Scripting (XSS) & CSRF

Published

2023-11-23

Title

eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting

Published

2024-03-25

Title

WP Google Maps < 9.0.30 - Reflected Cross-Site Scripting