Description
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29212)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)
WordPress Plugin ApplyOnline-Application Form Builder and Manager Cross-Site Scripting (1.9.94)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124)