Описание
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Issue Tracking
- Product
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Issue Tracking
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:piwigo:piwigo:2.9.5:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.003
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9.6
debian
больше 6 лет назад
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_ ...
CVSS3: 9.6
github
больше 3 лет назад
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
EPSS
Процентиль: 53%
0.003
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-79