CVE-2021-31693 — Cross-site Scripting in Photo Gallery

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 59.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10web Photo Gallery

Timeline

PublishedNov 29

Description

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVD10web/photo_gallery1.5.68

🔴Vulnerability Details

GHSA

GHSA-8624-7rmq-755f: VMware Tools for Windows (12↗2022-11-29

▶

CVEList

CVE-2021-31693: The 10Web Photo Gallery plugin through 1↗2022-11-29

▶