CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-24362

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile38.23th
Published2021年8月16日
Last Modified2024年11月21日

Vulnerability Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue

Affected Platforms (CPE)

📦
10web

Photo Gallery

< 1.5.75

References & Advisories

🔗 https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a
🔗 https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a

相關漏洞威脅

CVE-2007-141410.0

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary P...

CVE-2007-491610.0

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in...

CVE-2003-152510.0

Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.

CVE-2019-161199.8

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Album...