Description
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.
References
- Exploit, Third Party Advisory, VDB Entry
- Mailing List, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
- Issue Tracking, Product
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:piwigo:piwigo:2.9.5:*:*:*:*:*:*:*
EPSS
Percentile: 53%
0.003
Low
CVSS3: 9.6 Critical
CVSS2: 6.8 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 9.6
debian
more than 6 years ago
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...
CVSS3: 9.6
github
more than 3 years ago
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.