Description

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.

Remediation

References

CVE-2010-1707

Related Vulnerabilities

Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075)

PHP Other Vulnerability (CVE-2006-2660)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

Oracle Database Server CVE-2013-5858 Vulnerability (CVE-2013-5858)

Squid Improper Certificate Validation Vulnerability (CVE-2021-41611)

Severity

Medium

Classification

CVE-2010-1707 CWE-707

Tags

Missing Update Known Vulnerabilities