Description

Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.

Remediation

References

CVE-2018-5692

Related Vulnerabilities

WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)

WordPress Plugin WP Symposium Arbitrary File Upload (14.11)

Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-1717)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)

Severity

Medium

Classification

CVE-2018-5692 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities