github - ghsa-4fx9-rq9m-9gq2

GHSA-4FX9-RQ9M-9GQ2

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03

Details

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-24310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-01T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117",
  "id": "GHSA-4fx9-rq9m-9gq2",
  "modified": "2022-05-24T19:03:46Z",
  "published": "2022-05-24T19:03:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24310"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-24310 (GCVE-0-2021-24310)

Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28

Title

Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title

Summary

Severity ?

No CVSS data available.

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

WPScan

References

URL

Tags

https://wpscan.com/vulnerability/f34096ec-b1b0-47…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	10Web	Photo Gallery by 10Web – Mobile-Friendly Image Gallery	Affected: 1.5.67 , < 1.5.67 (custom)

Credits

avolume

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
          "vendor": "10Web",
          "versions": [
            {
              "lessThan": "1.5.67",
              "status": "affected",
              "version": "1.5.67",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "avolume"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-01T11:33:29",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Photo Gallery \u003c 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24310",
          "STATE": "PUBLIC",
          "TITLE": "Photo Gallery \u003c 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.5.67",
                            "version_value": "1.5.67"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "10Web"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "avolume"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24310",
    "datePublished": "2021-06-01T11:33:29",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4FX9-RQ9M-9GQ2

CVE-2021-24310 (GCVE-0-2021-24310)

Tags

Sightings

Nomenclature