Description

Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Remediation

References

CVE-2016-9751

Related Vulnerabilities

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.6)

phpMyFAQ Improper Authorization Vulnerability (CVE-2014-6049)

WordPress Plugin WP-AutoYoutube 'index.php' Script SQL Injection (0.1)

WordPress Plugin Events Manager CSV Injection (5.9.7.1)

WordPress Plugin ShopLentor-WooCommerce Builder for Elementor & Gutenberg +10 Modules-All in One Solution (formerly WooLentor) Multiple Cross-Site Scripting Vulnerabilities (1.8.5)

Severity

Medium

Classification

CVE-2016-9751 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities