Vulnerability Description
A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplygallery | Simply Gallery Blocks With Lightbox | < 2.2.1 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/5925b263-6d6f-4a03-a98a-620150dff8f7Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-21-060Third Party Advisory
- https://wpscan.com/vulnerability/5925b263-6d6f-4a03-a98a-620150dff8f7Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-21-060Third Party Advisory
FAQ
What is CVE-2021-24667?
CVE-2021-24667 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user ...
How severe is CVE-2021-24667?
CVE-2021-24667 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24667?
Check the references section above for vendor advisories and patch information. Affected products include: Simplygallery Simply Gallery Blocks With Lightbox.