2066190 – (CVE-2022-25603) CVE-2022-25603 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5)

Bug 2066190 (CVE-2022-25603) - CVE-2022-25603 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5)

Summary: CVE-2022-25603 wordpress: Authenticated Stored Cross-Site Scripting (XSS) vul...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-25603
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2087645 2087646
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-21 07:54 UTC by Rohit Keshri
Modified:	2022-05-18 07:01 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-05-18 07:01:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2022-03-21 07:54:51 UTC

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).

https://patchstack.com/database/vulnerability/maxgalleria/wordpress-maxgalleria-plugin-6-2-5-stored-cross-site-scripting-xss-vulnerability
https://wordpress.org/plugins/maxgalleria/

Comment 2 Rohit Keshri 2022-05-18 06:59:33 UTC

Created wordpress tracking bugs for this issue:

Affects: epel-all [bug 2087645]
Affects: fedora-all [bug 2087646]

Note You need to log in before you can comment on or make changes to this bug.