CVE-2024-12119

Name of the Vulnerable Software and Affected Versions The FooGallery – Responsive Photo Gallery plugin versions up to and including 2.4.29

Description The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the default gallery title size parameter. This allows authenticated attackers with gallery and album creator roles to inject arbitrary web scripts in pages, which will execute when a user accesses the injected page.

Recommendations For versions up to and including 2.4.29, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the gallery and album creator roles to trusted users only, and monitor page content for any signs of script injection.