Vulners
Lucene search
Piwigo 13.7.0 Cross Site Scripting
🗓️ 07 Jul 2023 00:00:00Reported by Okan KurtulusType 
packetstorm🔗 packetstormsecurity.com👁 282 Views
`#Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
#Date: 25 June 2023
#Exploit Author: Okan Kurtulus
#Vendor Homepage: https://piwigo.org
#Version: 13.7.0
#Tested on: Ubuntu 22.04
#CVE : N/A
# Proof of Concept:
1– Install the system through the website and log in with any user authorized to upload photos.
2– Click "Add" under "Photos" from the left menu. The photo you want to upload is selected and uploaded.
3– Click on the uploaded photo and the photo editing screen opens. XSS payload is entered in the "Description" section on this screen. After saving the file, go to the homepage and open the page with the photo. The XSS payload appears to be triggered.
#Payload
<sCriPt>alert(1);</sCriPt>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1