2 matches found
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
CVE-2018-7724 affects Piwigo 2.9.3 and is a stored XSS vulnerability in the admin panel via the name parameter in /admin.php?page=photo-${photo_number}. CSRF may be possible (related to CVE-2017-10681). Affected product/version: Piwigo 2.9.3 (and related entries indicate multi-XSS issues before 2...