← volver
CVE-2025-9710

Responsive Lightbox & Gallery < 2.5.3 - Unauthenticated Stored-XSS via Comments

CVSS 6.3 MEDIUMEPSS 0.2%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L