CVE-2021-24357

CVE-2021-24357: FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting

Vendor Fooplugins

Product Best Image Gallery & Responsive Photo Gallery – FooGallery

Weakness CWE-79 · XSS

Published June 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.

Key dates

02Disclosure timeline

June 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24357

Related vulnerabilities

04Related CVE

CVE-2021-24830 Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting CVE-2024-50470 WordPress Themes4WP YouTube External Subtitles plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-53692 Sitecore Experience Platform Cross-Site Scripting Vulnerability CVE-2026-6743 WebSystems WebTOTUM Calendar cross site scripting CVE-2023-48529 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)