CVE-2018-7724

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
References
Configurations

Configuration 1

cpe:2.3:a:piwigo:piwigo:2.9.3:*:*:*:*:*:*:*

Information

Published : 2018-03-06 05:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-7724

Mitre link : CVE-2018-7724

Products Affected
No products.