Description
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
Remediation
References
Related Vulnerabilities
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14634)
WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)
Nexus Repository Manager Incorrect Authorization Vulnerability (CVE-2018-16620)
MySQL CVE-2020-14869 Vulnerability (CVE-2020-14869)
WordPress Plugin 3D Slider Slice Box Multiple Cross-Site Scripting Vulnerabilities (1.0)