Description

Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.

Remediation

References

CVE-2018-5692

Related Vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29212)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Cross-Site Scripting (1.9.94)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124)

Severity

Medium

Classification

CVE-2018-5692 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities