Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Remediation

References

CVE-2012-2209

Related Vulnerabilities

WordPress 4.5.x Cross-Site Request Forgery (4.5 - 4.5.16)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8103)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Information Disclosure (9.7.1)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29258)

Severity

Medium

Classification

CVE-2012-2209 CWE-707

Tags

Missing Update Known Vulnerabilities