CVE-2024-39631 — Cross-site Scripting in Contest Gallery

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 29.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedAug 1

Latest updateAug 2

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery23.1.2

▶NVDcontest-gallery/contest_gallery< 23.1.3

🔴Vulnerability Details

GHSA

GHSA-fxpg-42g8-chm6: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS↗2024-08-02

▶

CVEList

WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability↗2024-08-01

▶

VulnCheck

contest-gallery contest_gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2024

▶