CVE-2021-24357

Опубликовано: 14 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.

Ссылки

https://wpscan.com/vulnerability/950f46ae-4476-4969-863a-0e55752953b3
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/950f46ae-4476-4969-863a-0e55752953b3
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fooplugins:foogallery:*:*:*:*:*:wordpress:*:*

Версия до 2.0.35 (исключая)

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2q7g-6q23-mgp7

github

больше 3 лет назад

In the Best Image Gallery & Responsive Photo Gallery â€“ FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.