{"id":4033,"date":"2024-06-13T17:45:10","date_gmt":"2024-06-13T17:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/"},"modified":"2024-06-13T17:45:10","modified_gmt":"2024-06-13T17:45:10","slug":"vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/","title":{"rendered":"Cross-Site Scripting Vulnerability in FooGallery <= 2.4.15 via Gallery Custom URL"},"content":{"rendered":"
The FooGallery WordPress gallery plugin is vulnerable to stored Cross-Site Scripting via custom URLs in all versions up to and including 2.4.15. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses the infected page.<\/div>\n

<\/p>\n

The vulnerability CVE-2024-2122, classified as ‘Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)’, is caused by insufficient input sanitization and output escaping in the FooGallery plugin. Authenticated attackers can exploit this vulnerability to execute malicious scripts on the pages of the affected website. To mitigate this risk, users are advised to update the FooGallery plugin to the latest available version and to review all gallery custom URLs for possible malicious scripts.<\/div>\n
It is crucial that WordPress users running the FooGallery plugin take immediate action to protect their websites against possible Cross-Site Scripting attacks. Keeping software up to date and carefully validating all data input on the site can help prevent this type of vulnerability in the future.<\/div>\n","protected":false},"excerpt":{"rendered":"

The FooGallery WordPress gallery plugin is vulnerable to stored Cross-Site Scripting via custom URLs in all versions up to and including 2.4.15. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses the infected page. The […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1743],"class_list":["post-4033","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-2122"],"yoast_head":"\nVulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"El plugin de galer\u00eda de WordPress FooGallery es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de URLs personalizadas en todas las versiones hasta la 2.4.15. Esta vulnerabilidad permite a atacantes autenticados con acceso de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina infectada. 
La […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-13T17:45:10+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/\",\"url\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/\",\"name\":\"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-06-13T17:45:10+00:00\",\"dateModified\":\"2024-06-13T17:45:10+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Recopilaci\u00f3n de vulnerabilidades WordPress.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - SeguridadWordPress.es","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - SeguridadWordPress.es","og_description":"El plugin de galer\u00eda de WordPress FooGallery es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de URLs personalizadas en todas las versiones hasta la 2.4.15. Esta vulnerabilidad permite a atacantes autenticados con acceso de contribuidor o superior inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cuando un usuario acceda a la p\u00e1gina infectada. La […]","og_url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/","og_site_name":"SeguridadWordPress.es","article_published_time":"2024-06-13T17:45:10+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/","url":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/","name":"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda - SeguridadWordPress.es","isPartOf":{"@id":"http:\/\/127.0.0.1\/#website"},"datePublished":"2024-06-13T17:45:10+00:00","dateModified":"2024-06-13T17:45:10+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/127.0.0.1\/vulnerabilidad-de-cross-site-scripting-en-foogallery-2-4-15-a-traves-de-url-personalizada-de-la-galeria\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/127.0.0.1\/"},{"@type":"ListItem","position":2,"name":"Vulnerabilidad de Cross-Site Scripting en FooGallery <= 2.4.15 a trav\u00e9s de URL personalizada de la galer\u00eda"}]},{"@type":"WebSite","@id":"http:\/\/127.0.0.1\/#website","url":"http:\/\/127.0.0.1\/","name":"SeguridadWordPress.es","description":"Recopilaci\u00f3n de vulnerabilidades WordPress.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/127.0.0.1\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4033"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4033"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4033\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4033"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}