A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
enviragallery envira gallery |