CVE-2024-30428 — Cross-site Scripting in Contest Gallery

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 48.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedMar 29

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through <= 24.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery24.0.3

▶NVDcontest-gallery/contest_gallery< 24.0.4

🔴Vulnerability Details

CVEList

WordPress Contest Gallery plugin <= 24.0.3 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-03-29

▶

GHSA

GHSA-mw2v-7qj3-3qrq: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS↗2024-03-29

▶