Description
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation: an admin can steal the webmaster's cookies and use them to gain the webmaster's access.
Remediation
References
Related Vulnerabilities
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)
Apache version older than 1.3.41
Oracle Database Server CVE-2006-0285 Vulnerability (CVE-2006-0285)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)