PT-2021-15847 · 10Web · The Photo Gallery
Avolume
Published: 2021-06-01 · Updated: 2021-06-09 · CVE-2021-24310
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin, versions prior to 1.5.67

Description: The issue arises from improper sanitization of the gallery title, allowing high-privilege users to create a title containing an XSS payload. The payload is triggered when another user views the gallery list or the affected gallery in the admin dashboard. The problem is attributed to an incomplete fix of a previous issue.

Recommendations: For versions prior to 1.5.67, update to version 1.5.67 or later to resolve the issue.
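The following PHP is an added illustration of the defect class this record describes (a gallery title stored by a high-privilege user and later rendered unescaped in the admin dashboard); it is not the plugin's code and does not reproduce its actual fix. The function names gallery_row_vulnerable(), gallery_row_hardened() and save_gallery_title() are hypothetical. esc_html(), esc_attr() and sanitize_text_field() are standard WordPress helpers; the simplified stand-ins defined below exist only so the snippet runs outside WordPress and are not the real implementations.

```php
<?php
// Added example for the vulnerability class described in this record.
// NOT the plugin's code. Function names below are hypothetical.

// Simplified stand-ins so this file runs outside WordPress. Inside WordPress
// these are already defined; the real implementations are more thorough.
if (!function_exists('esc_html')) {
    function esc_html($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s) { return trim(strip_tags((string) $s)); }
}

// Constructed sample title, as a high-privilege user might have stored it.
$stored_title = 'Summer <script>alert(1)</script> trip';

// Vulnerable pattern: the stored title is concatenated straight into the admin
// list table, so any markup it contains is interpreted by the browser of
// whichever admin views the list.
function gallery_row_vulnerable($id, $title) {
    return '<tr><td>' . $id . '</td><td>' . $title . '</td></tr>';
}

// Hardened pattern: escape for the exact output context (esc_html for text
// nodes, esc_attr for attribute values, integer cast for numeric ids).
// The escaping must be applied at every place the title is printed: list view,
// edit form, page title, JavaScript-embedded strings. Escaping only some of
// those outputs is how an "incomplete fix" of this kind comes about.
function gallery_row_hardened($id, $title) {
    $id = (int) $id;
    return '<tr><td>' . $id . '</td>'
         . '<td><a href="?page=galleries&amp;id=' . $id . '" title="'
         . esc_attr($title) . '">' . esc_html($title) . '</a></td></tr>';
}

// Defence in depth at save time: strip tags from the title before it is stored.
// This narrows what can be persisted but does not replace output escaping,
// which remains the primary control (stored data may predate the sanitizer).
function save_gallery_title($raw_title) {
    return sanitize_text_field($raw_title);
}

// Usage: the hardened row renders the title as visible text. The "<script>"
// characters reach the page as "&lt;script&gt;" and are not executed.
echo gallery_row_hardened(7, $stored_title), PHP_EOL;
echo 'stored as: ', save_gallery_title($stored_title), PHP_EOL;
```

When reviewing a fix for an issue like this one, the check a practitioner wants is not "is the payload gone from the one screen in the report" but "is every output of this field escaped for its context", since the previous incomplete fix this record refers to is exactly the case where one rendering path was missed.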

References: Exploit, Fix
Tags: XSS


Weakness Enumeration: not listed
Related Identifiers: CVE-2021-24310
Affected Products: The Photo Gallery