Description
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
Remediation
References
Related Vulnerabilities
WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)
WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)