Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7722)

Description

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

Remediation

References

CVE-2018-7722

Related Vulnerabilities

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)

SharePoint CVE-2020-1338 Vulnerability (CVE-2020-1338)

WordPress Plugin FD Feedburner Cross-Site Request Forgery (1.42)

WordPress Plugin Social Auto Poster includes Backdoor [Only if downloaded via the vendor website] (2.1.3)

MySQL Other Vulnerability (CVE-2002-1376)

Severity

Medium

Classification

CVE-2018-7722 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N