Description
The management panel in Piwigo 2.9.3 has a stored cross-site scripting (XSS) vulnerability via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x SQL Injection (3.2.0 - 3.4.4)
Apache HTTP Server Other Vulnerability (CVE-2002-0654)
WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1)
phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)
Joomla Improper Input Validation Vulnerability (CVE-2006-4466)