CVE Catalog
CVE-2026-57755
MediumCVSS 6.5Summary
The Mosaic Gallery – Advanced Gallery plugin version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the Contributor function. It allows an attacker to inject malicious JavaScript code into the page.
Risk Assessment
The risk involves potential session theft, redirection to malicious sites, or other actions in the victim's browser context, which could compromise data confidentiality and integrity.
Recommendation
It is recommended to immediately update the Mosaic Gallery – Advanced Gallery plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.

