Описание
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
Ссылки
- http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.htmlExploit
- Vendor Advisory
- PatchVendor Advisory
- Exploit
- Exploit
- Exploit
- http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-Scripting-SQL-Injection.htmlExploit
- Vendor Advisory
- PatchVendor Advisory
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.3 (включая)
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0062
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
ubuntu
почти 11 лет назад
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
debian
почти 11 лет назад
Cross-site scripting (XSS) vulnerability in the administrative backend ...
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
EPSS
Процентиль: 70%
0.0062
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79