Search criteria
2 vulnerabilities found for Envira Gallery Lite by Unknown
CVE-2021-24126 (GCVE-0-2021-24126)
Vulnerability from cvelistv5 – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI?
Title
Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting
Summary
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Envira Gallery Lite |
Affected:
1.8.3.3 , < 1.8.3.3
(custom)
|
Credits
minhtuanact
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Envira Gallery Lite",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.3.3",
"status": "affected",
"version": "1.8.3.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "minhtuanact"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:48",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Envira Gallery Lite \u003c 1.8.3.3 - Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24126",
"STATE": "PUBLIC",
"TITLE": "Envira Gallery Lite \u003c 1.8.3.3 - Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Envira Gallery Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.8.3.3",
"version_value": "1.8.3.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "minhtuanact"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24126",
"datePublished": "2021-03-18T14:57:48",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24126 (GCVE-0-2021-24126)
Vulnerability from nvd – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI?
Title
Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting
Summary
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Envira Gallery Lite |
Affected:
1.8.3.3 , < 1.8.3.3
(custom)
|
Credits
minhtuanact
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Envira Gallery Lite",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.3.3",
"status": "affected",
"version": "1.8.3.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "minhtuanact"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:48",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Envira Gallery Lite \u003c 1.8.3.3 - Authenticated Stored Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24126",
"STATE": "PUBLIC",
"TITLE": "Envira Gallery Lite \u003c 1.8.3.3 - Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Envira Gallery Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.8.3.3",
"version_value": "1.8.3.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "minhtuanact"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24126",
"datePublished": "2021-03-18T14:57:48",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}