CVE-2021-24310: Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

Vendor: 10Web
Product: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Weakness: CWE-79 · XSS
Published: June 1, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high-privilege users to create a gallery with an XSS payload in its title. The payload is triggered when another user views the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117.

Key dates

02 Disclosure timeline

June 1, 2021: CVE published
August 3, 2024: Record updated

Related vulnerabilities

04 Related CVE