What the vulnerability does
01Description
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
Explanation of Vulnerability in Simple Terms
Modula Image Gallery contains a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. An attacker with low-level site access can craft a request that, when visited by another user, executes arbitrary JavaScript in their browser. The vulnerability affects versions up to 2.14.23 and impacts confidentiality, integrity, and availability of user sessions.
What an attacker can do
Inject JavaScript that runs in other users' browsers, stealing session data or performing actions on their behalf.
Potential impact on your site
Authenticated attackers can compromise other users' accounts or sessions, potentially escalating to admin access.
Conditions required to exploit
Attacker needs a low-privilege account on the site; victim must visit a malicious link or page.
Key dates
External resources
Related vulnerabilities