Description
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
Remediation
References