piwigo 2.3.3 - Multiple Vulnerabilities

No description provided by source. Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path...

CVE-2012-2209

Multiple cross-site scripting XSS vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 section parameter in the configuration module, 2 installstatus parameter in the languagesnew module, or 3 theme parameter in the theme modu...

CVE-2012-2209

CVE-2012-2209 affects Piwigo prior to 2.3.4, exposing multiple XSS vulnerabilities in admin.php via the section, installstatus, and theme parameters. The issue enables remote attackers to inject arbitrary HTML/script in an administrator session. Vendor patch: upgrade to Piwigo 2.3.4 (remediation)...

Piwigo 2.3.3 Multiple Vulnerabilities

Exploit for php platform in category web applications Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path...

Multiple vulnerabilities in Piwigo

Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting XSS CVE...

Piwigo 2.3.3 Cross Site Scripting / Directory Traversal

Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting XSS CVE...

Multiple vulnerabilities in Piwigo

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Piwigo, which can be exploited to perform Cross-Site Scripting XSS and Path Traversal attacks. 1 Directory Path Traversal in Piwigo: CVE-2012-2208 1.1 Input passed via the "language" GET parameter to upgrade.php ...