CVE-2021-24903

CVE-2021-24903: GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Album and Image Gallery with Lightbox – Flagallery Photo Portfolio

Weakness CWE-79 · XSS

Published February 28, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

February 28, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24903 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2018-0483 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2017-16721 CVE-2024-20760 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2018-25131 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload