4.3
CVE-2013-6837
- EPSS 0.6%
- Published 19.12.2013 04:24:57
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
Possible mitigation
Alpine Photo Tile for Instagram: Update to version 1.2.7.5, or a newer patched version
Contact Bank – Contact Form Builder for WordPress: Update to version 2.0.227, or a newer patched version
dp-maintenance-mode-lite: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
eHive Account Details: Update to version 2.1.3, or a newer patched version
eHive Object Details: Update to version 2.1.7, or a newer patched version
embedplus-for-wordpress: Update to version 5.4, or a newer patched version
fancyflickr: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
FoxyShop: Update to version 4.6.1, or a newer patched version
Gallery Bank – WordPress Photo Gallery Plugin: Update to version 3.0.229, or a newer patched version
Image Slider: Update to version 1.1.7, or a newer patched version
Images Lazyload and Slideshow: Update to version 3.3, or a newer patched version
Apizee Contact – Live Chat Plugin: Update to version 1.1, or a newer patched version
jcwp youtube channel embed: Update to version 2.0.0, or a newer patched version
lb-tube-video: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
matrix-image-gallery: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
mklasens-photobox: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
MyBlogU: Update to version 0.0.8, or a newer patched version
mytreasures: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Onclick show popup: Update to version 6.6, or a newer patched version
Random image gallery with pretty photo zoom: Update to version 7.5, or a newer patched version
ReFlex Gallery » WordPress Photo Gallery: Update to version 3.1.5, or a newer patched version
responsive-category-slider: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Responsive Lightbox & Gallery: Update to version 1.4.12, or a newer patched version
s2member Secure File Browser: Update to version 0.4.17, or a newer patched version
TallyKit: Update to version 5.5, or a newer patched version
ticket-manager: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
TreXanh Property: Update to version 0.2, or a newer patched version
webrotate-360-product-viewer: Update to version 2.5.2, or a newer patched version
wp-business-directory: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WP Easy Gallery – WordPress Gallery Plugin: Update to version 4.1.1, or a newer patched version
wp-instagram-bank: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WP Portfolio Gallery: Update to version 1.2.0, or a newer patched version
WP Video Lightbox: Update to version 1.7.5, or a newer patched version
WPPizza – A Restaurant Plugin: Update to version 2.11.8.18, or a newer patched version
Further vulnerability information
| System | Product | Version |
|---|---|---|
| WordPress Plugin | Alpine Photo Tile for Instagram | [*, 1.2.7.5) |
| WordPress Plugin | Contact Bank – Contact Form Builder for WordPress | [*, 2.0.227) |
| WordPress Plugin | dp-maintenance-mode-lite | * |
| WordPress Plugin | eHive Account Details | [*, 2.1.3) |
| WordPress Plugin | eHive Object Details | [*, 2.1.7) |
| WordPress Plugin | embedplus-for-wordpress | [*, 5.4) |
| WordPress Plugin | fancyflickr | * |
| WordPress Plugin | FoxyShop | [*, 4.6.1) |
| WordPress Plugin | Gallery Bank – WordPress Photo Gallery Plugin | [*, 3.0.229) |
| WordPress Plugin | Image Slider | [*, 1.1.7) |
| WordPress Plugin | Images Lazyload and Slideshow | [*, 3.3) |
| WordPress Plugin | Apizee Contact – Live Chat Plugin | [*, 1.1) |
| WordPress Plugin | jcwp youtube channel embed | [*, 2.0.0) |
| WordPress Plugin | lb-tube-video | * |
| WordPress Plugin | matrix-image-gallery | * |
| WordPress Plugin | mklasens-photobox | * |
| WordPress Plugin | MyBlogU | [*, 0.0.8) |
| WordPress Plugin | mytreasures | * |
| WordPress Plugin | Onclick show popup | [*, 6.6) |
| WordPress Plugin | Random image gallery with pretty photo zoom | [*, 7.5) |
| WordPress Plugin | ReFlex Gallery » WordPress Photo Gallery | [*, 3.1.5) |
| WordPress Plugin | responsive-category-slider | * |
| WordPress Plugin | Responsive Lightbox & Gallery | [*, 1.4.12) |
| WordPress Plugin | s2member Secure File Browser | [*, 0.4.17) |
| WordPress Plugin | TallyKit | [*, 5.5) |
| WordPress Plugin | ticket-manager | * |
| WordPress Plugin | TreXanh Property | *-0.1 |
| WordPress Plugin | webrotate-360-product-viewer | [*, 2.5.2) |
| WordPress Plugin | wp-business-directory | * |
| WordPress Plugin | WP Easy Gallery – WordPress Gallery Plugin | [*, 4.1.1) |
| WordPress Plugin | wp-instagram-bank | * |
| WordPress Plugin | WP Portfolio Gallery | [*, 1.2.0) |
| WordPress Plugin | WP Video Lightbox | [*, 1.7.5) |
| WordPress Plugin | WPPizza – A Restaurant Plugin | [*, 2.11.8.18) |
Data provided by the National Vulnerability Database (NVD)
No-margin-for-errors ≫ Prettyphoto Version <= 3.1.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.689 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.