CVE-2018-5692

🗓️ 14 Jan 2018 04:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

Piwigo v2.8.2 admin.php XSS CVE-2018-569

Reporter	Title	Published	Views	Family All 7
CNVD	Piwigo cross-site scripting vulnerability (CNVD-2018-04285)	15 Jan 201800:00	–	cnvd
Cvelist	CVE-2018-5692	14 Jan 201804:00	–	cvelist
EUVD	EUVD-2018-17461	7 Oct 202500:30	–	euvd
NVD	CVE-2018-5692	14 Jan 201804:29	–	nvd
Prion	Design/Logic Flaw	14 Jan 201804:29	–	prion
Vulnerability Lab	Piwigo v2.8.2 & 2.9.1 CMS - Multiple Cross Site Vulnerabilities	12 Jan 201800:00	–	vulnerlab
Vulnerability Lab	Piwigo v2.8.2 & 2.9.1 CMS - Multiple Cross Site Vulnerabilities	12 Jan 201800:00	–	vulnerlab

NVD

Node

piwigo piwigoMatch2.8.2

Source	Link
vulnerability-lab	www.vulnerability-lab.com/get_content.php

Parameter	Position	Path	Description	CWE
tab	query param	piwigo/admin.php	Client-side XSS via tab parameter in admin.php with GET requests	CWE-79
to	query param	piwigo/admin.php	Client-side XSS via to parameter in admin.php with GET requests	CWE-79
section	query param	piwigo/admin.php	Client-side XSS via section parameter in admin.php with GET requests	CWE-79
mode	query param	piwigo/admin.php	Client-side XSS via mode parameter in admin.php with GET requests	CWE-79
installstatus	query param	piwigo/admin.php	Client-side XSS via installstatus parameter in admin.php with GET requests	CWE-79
display	query param	piwigo/admin.php	Client-side XSS via display parameter in admin.php with GET requests	CWE-79

21 Nov 2024 04:09Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 36.1

EPSS0.0024

piwigo v2.8.2 admin.php xss cve-2018-5692 nvd