Description
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
Remediation
References