CVE-2024-28662

Опубликовано: 13 мар. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.

Ссылки

https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580
Patch
https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0
Product
https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j
Vendor Advisory
https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580
Patch
https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0
Product
https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:piwigo:piwigo:14.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00646

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-28662

CVSS3: 5.4

debian

почти 2 года назад

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 sc ...

GHSA-9q37-6mpp-rv7v

CVSS3: 5.4

github

почти 2 года назад

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.

EPSS

Процентиль: 70%

0.00646

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79