Nextgen Gallery < 3.59.1 – Admin+ Stored XSS | CVE 2024-2744 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

1. Add the "NextGEN Media RSS" Widget to the blog (Appearance > Widgets)
2. Change the "Tooltip text for Media RSS link"  to `feed" asdasd='' onmouseover='alert(1)'`
3. Save the settings and view the site
4. Move your mouse over the icon/text to see the XSS

Affects Plugins

nextgen-gallery

Fixed in 3.59.1

References

CVE

URL

https://research.cleantalk.org/cve-2024-2744/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

a5579c15-50ba-4618-95e4-04b2033d721f

Timeline

Publicly Published

2024-04-26 (about 2 months ago)

Added

2024-04-26 (about 1 months ago)

Last Updated

2024-05-07 (about 1 months ago)

Other

Published

Title

Published

2024-06-07

Title

Formula < 0.5.2 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

Published

2024-02-15

Title

PowerPack Addons for Elementor < 2.7.16 - Contributor+ Stored Cross-Site Scripting

Published

2021-08-24

Title

Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

Published

2023-03-02

Title

Button Generator - easily Button Builder < 2.3.4 - Admin+ Stored XSS

Published

2023-01-04

Title

RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS