CVE Published: 30/08/2021 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: Unknown |
Product: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery Status : PUBLISHED
CVE-2021-24667 Description
A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data.