What is CVE-2021-24310?

CVE-2021-24310 is a vulnerability in 10web Photo Gallery By – Mobile-friendly Image, classified under Cross-site Scripting. Published 2021-06-01.

Is CVE-2021-24310 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in 10web Photo Gallery By – Mobile-friendly Image

CVE-2021-24310

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (40.2th percentile) — read the EPSS interpretation.

Affected products

10web Photo Gallery By – Mobile-friendly Image — versions 1.5.67

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24310?: CVE-2021-24310 is a vulnerability in 10web Photo Gallery By – Mobile-friendly Image, classified under Cross-site Scripting. Published 2021-06-01.
Is CVE-2021-24310 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.