Description
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP No External Links Spam Injection (4.2.2)
WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (2.1.1)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)
Oracle Database Server CVE-2011-2257 Vulnerability (CVE-2011-2257)