Vulnerability Description
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to a Stored XSS issue when an attacker makes a logged-in admin open a malicious URL or page under their control.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 10Web | Photo Gallery | < 1.8.3 |
References
- https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-4058?
CVE-2022-4058 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to Stored XSS...
How severe is CVE-2022-4058?
CVE-2022-4058 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-4058?
Check the references section above for vendor advisories and patch information. Affected products include: 10Web Photo Gallery.