CVE Catalog

CVE-2026-57755

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Mosaic Gallery – Advanced Gallery plugin version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the Contributor function. It allows an attacker to inject malicious JavaScript code into the page.

Risk Assessment

The risk involves potential session theft, redirection to malicious sites, or other actions in the victim's browser context, which could compromise data confidentiality and integrity.

Recommendation

It is recommended to immediately update the Mosaic Gallery – Advanced Gallery plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in Mosaic Gallery &#8211; Advanced Gallery <= 1.2.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS