Description

Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.

Remediation

References

CVE-2021-45357

Related Vulnerabilities

WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)

WordPress Plugin Coming Soon Multiple Vulnerabilities (1.1.18)

Apache HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-11984)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14594)

e107 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2020)

Severity

Medium

Classification

CVE-2021-45357 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities