Description

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.

Remediation

References

CVE-2015-2034

Related Vulnerabilities

Joomla CVE-2018-15881 Vulnerability (CVE-2018-15881)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Vulnerabilities (5.3.2)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.40.2)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30838)

Apache Tomcat Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-43980)

Severity

Medium

Classification

CVE-2015-2034 CWE-707

Tags

Missing Update Known Vulnerabilities