3 matches found
CVE-2020-9467
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function...
Piwigo 2.10.1 - Cross Site Scripting
Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...
CVE-2020-9467
CVE-2020-9467 affects Piwigo 2.10.1 . The vulnerability is a stored XSS in the /ws.php request via the file parameter, caused by the pwg.images.setInfo function. Documented impact is a client-side script execution risk with a NVD base score of 5.4 (MEDIUM) and network attack vector with user inte...