Photo Gallery < 1.5.67 – Authenticated Stored Cross-Site Scripting via Gallery Title | CVE 2021-24310

Description

The plugin did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117

Proof of Concept

Create or edit a gallery and use the below payload as the gallery title " style="animation-name:rotation" onanimationstart="alert(/XSS/)

Affects Plugins

photo-gallery

Fixed in 1.5.67

References

CVE

CVE-2021-24310

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.6 (medium)

Miscellaneous

Original Researcher

avolume

Verified

Yes

WPVDB ID

f34096ec-b1b0-471d-88a4-4699178a3165

Timeline

Publicly Published

2021-05-12 (about 3 years ago)

Added

2021-05-12 (about 3 years ago)

Last Updated

2021-05-13 (about 3 years ago)

Other

Published

Title

Published

2024-03-13

Title

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget

Published

2023-04-19

Title

EZP Maintenance Mode <= 1.0.1 - Admin+ Stored XSS

Published

2022-10-05

Title

WooCommerce Ship to Multiple Addresses < 3.7.2 - Reflected Cross-Site Scripting

Published

2024-04-05

Title

Sydney Toolbox < 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery

Published

2022-06-16

Title

FoxyShop < 4.8.2 - Reflected Cross-Site Scripting