Vulnerability CVE-2021-24291
Published: 2021-05-14

Description:
The Photo Gallery by 10Web ?????? Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
10web -> Photo gallery 

 References:
https://packetstormsecurity.com/files/162227/
https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a
Copyright 2024, cxsecurity.com

 

Back to Top