WEB APPLICATION VULNERABILITIES Standard & Premium

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9467)

Description

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Remediation

References

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418)

WordPress Plugin WP Popup Lite-Responsive popup for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.9)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.14)

WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)

Severity

Medium

Classification

CVE-2020-9467 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities