CVE-2018-7722

Опубликовано: 06 мар. 2018

Источник: debian

Описание

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
piwigo	removed			package

Примечания

https://github.com/Piwigo/Piwigo/issues/871
https://github.com/Piwigo/Piwigo/commit/0ec289769ee1fc314dbc7d90fdc480389e786942

Связанные уязвимости

CVE-2018-7722

CVSS3: 5.4

nvd

почти 8 лет назад

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

GHSA-x6rc-3279-434h

CVSS3: 5.4

github

больше 3 лет назад

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.