Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Remediation

References

CVE-2012-2209

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43165)

Magento CVE-2019-8119 Vulnerability (CVE-2019-8119)

WordPress Plugin WooCommerce Arbitrary File Deletion (3.4.5)

Squid Improper Input Validation Vulnerability (CVE-2016-2569)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-28329)

Severity

Medium

Classification

CVE-2012-2209 CWE-707

Tags

Missing Update Known Vulnerabilities