4 matches found
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...
CVE-2021-24362
creationtimestamp| type| source ---|---|--- 2021-08-16 14:14:54+00:00| seen| https://t.me/cibsecurity/27370...
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...
CVE-2021-24362
The CVE-2021-24362 entry concerns the WordPress plugin “Photo Gallery by 10Web – Mobile-Friendly Image Gallery” (older builds). Affected versions prior to 1.5.75 fail to sanitize uploaded SVG content, allowing a user who can add images to a gallery to upload an SVG containing JavaScript. When the...