Description

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.

Remediation

References

CVE-2015-2034

Related Vulnerabilities

PostgreSQL Arbitrary Code Execution Vulnerbality (CVE-2020-25696)

WordPress Plugin 404page-your smart custom 404 error page Cross-Site Request Forgery (10.3)

WordPress 5.5.x PHP Object Injection (5.5 - 5.5.4)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5338)

IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804)

Severity

Medium

Classification

CVE-2015-2034 CWE-707

Tags

Missing Update Known Vulnerabilities