Vulnerabilities > 10Web > Photo Gallery > 1.8.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-26 | CVE-2024-29832 | Unspecified vulnerability in 10Web Photo Gallery The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 6.1 |
| 2024-03-26 | CVE-2024-29833 | Unspecified vulnerability in 10Web Photo Gallery The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. | 5.4 |