CVE-2020-35581

Published: 2021-01-15T07:15Z

Last Modified: 2024-11-21T05:27Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt