Description
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Remediation
References