4 matches found
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
CVE-2019-13363
CVE-2019-13363 affects Piwigo 2.9.5. The vulnerability is a Cross‑Site Scripting (XSS) in the admin.php?page=notification_by_mail endpoint, exploitable via parameters such as nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_date...
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
===== Tempest Security Intelligence - ADV-03/2019 ========================== Piwigo - Version 2.9.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline ...