Skip to main content

Gallery CVE-2024-30550

HIGH
Cross-site Scripting (XSS) (CWE-79)
2024-03-31 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 31, 2024 - 20:15 cve.org
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

AnalysisAI

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.0.3. Affected products include: Wpdevart Gallery. Version information: through 2.0.3..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-1000113 CRITICAL POC
9.8 Oct 06

XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2023-0765 HIGH POC
8.8 Apr 17

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to

CVE-2013-2240 HIGH POC
7.5 Oct 10

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers

CVE-2016-1000114 MEDIUM POC
6.1 Oct 06

XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,

CVE-2022-1946 MEDIUM POC
6.1 Jul 04

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the resp

CVE-2012-2405 CRITICAL
10.0 Apr 22

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attac

CVE-2023-0764 MEDIUM POC
5.4 Apr 17

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, le

CVE-2024-35750 HIGH
8.8 Jun 08

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsiv

CVE-2013-2138 HIGH
7.5 Oct 10

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fra

CVE-2012-4343 HIGH
7.5 Aug 15

Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown

CVE-2025-20968 HIGH
7.2 May 07

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 1

CVE-2024-31120 MEDIUM
6.5 Mar 31

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsiv

Share

CVE-2024-30550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy