CVE Vulnerability
CVE-2019-13363
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.
References
| Link | Resource |
|---|---|
| https://github.com/Piwigo/Piwigo/issues | Exploit Third Party Advisory |
| http://seclists.org/fulldisclosure/2019/Sep/25 | Mailing List Third Party Advisory |
| https://piwigo.com | Vendor Advisory |
| http://packetstormsecurity.com/files/154484/Piwigo-2.9.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2020/Jun/29 |
Configurations
Configuration 1
|
Information
Published : 2019-09-13 01:15
Updated : 2020-08-24 05:37
NVD link : CVE-2019-13363
Mitre link : CVE-2019-13363
Products Affected
No products.