Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)
CVE-2021-24529
5.4MEDIUM
Summary
The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.
Affected Version(s)
Grid Gallery – Photo Image Grid Gallery 1.2.5
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Amal E Thamban