PT-2025-8981 · Unknown · Foogallery
Andres Roldan · Published 2025-02-27 · Updated 2025-07-15 · CVE-2025-22624
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
FooGallery – Responsive Photo Gallery version 2.4.29
Description
The issue arises from the web application dynamically generating web content without validating the source of potentially untrusted data. This is specifically noted in the file myapp/extensions/albums/admin/class-meta-boxes.php.
Recommendations
For FooGallery – Responsive Photo Gallery version 2.4.29, consider restricting access to the class-meta-boxes.php file until a patch is available. As a temporary workaround, avoid using the class-meta-boxes.php file in the myapp/extensions/albums/admin directory to minimize the risk of exploitation.
Fix
XSS
Affected Products
Foogallery