4 matches found

NVD
added 2018/03/06 5:29 p.m., 12 views

CVE-2018-7723

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00206
Exploits: 1 | References: 1
Prion
added 2018/03/06 5:29 p.m., 10 views

Design/Logic Flaw

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00206
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2018/03/06 5:0 p.m., 45 views

CVE-2018-7723

CVE-2018-7723 affects Piwigo 2.9.3: a stored XSS in the admin panel via the virtual_name parameter in /admin.php?page=cat_list (distinct from CVE-2017-9836). The description notes CSRF exploitation may be possible, related to CVE-2017-10681. CVSS vectors are provided (3.5/LOW for CVSS2, 5.4/MEDIU...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00206
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2006/07/25 12:0 a.m., 44 views

CVE-2006-3826

CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00622
Exploits: 1 | References: 7 | Affected Software: 1