CVE-2024-56237 — Cross-site Scripting in Contest Gallery

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 65.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedJan 2

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 24.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery24.0.3

▶NVDcontest-gallery/contest_gallery< 24.0.4

🔴Vulnerability Details

CVEList

WordPress Contest Gallery plugin <= 24.0.3 - Cross Site Scripting (XSS) vulnerability↗2025-01-02

▶

GHSA

GHSA-7cw5-pc98-mp64: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XS↗2025-01-02

▶