CVE-2024-51914

Name of the Vulnerable Software and Affected Versions drop in image slideshow gallery versions prior to 12.0

Description The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting (XSS). This means that an attacker could potentially inject malicious scripts into the webpage, affecting the Document Object Model (DOM) and thus impacting the website's functionality and user experience.

Recommendations For versions prior to 12.0, consider disabling the dynamic generation of web pages or restricting user input to minimize the risk of exploitation until a patch is available. Restrict access to sensitive parts of the gallery to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.