CVE-2024-32583

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 64.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10web Photo Gallery Photo Gallery Team Photo Gallery BY 10web

Timeline

PublishedApr 18

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5photo_gallery_team/photo_gallery_by_10webn/a — 1.8.21

▶NVD10web/photo_gallery< 1.8.22

🔴Vulnerability Details

CVEList

WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-04-18

▶

GHSA

GHSA-xwc6-f3w2-2jmm: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows↗2024-04-18

▶