Description
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Remediation
References