exploitDog

CVE-2021-24310

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117

Ссылки

https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

Версия до 1.5.67 (исключая)

EPSS

Процентиль: 40%

0.00186

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4fx9-rq9m-9gq2

github

больше 3 лет назад

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117

EPSS

Процентиль: 40%

0.00186

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79