Description

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.

Remediation

References

CVE-2022-24620

Related Vulnerabilities

Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)

Apache version older than 1.3.41

Oracle Database Server CVE-2006-0285 Vulnerability (CVE-2006-0285)

WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Severity

Medium

Classification

CVE-2022-24620 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities