2 matches found
Security Bulletin:IBM TRIRIGA Application Platform discloses cross-site scripting (CVE-2022-24620)
Summary CVE-2022-24620 Piwigo is vulnerable to cross-site scipting Vulnerability Details IBM X-Force ID: 87544 DESCRIPTION: Piwigo is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin.php script. A remote attacker could exploit this vulnerabilit...
CVE-2022-24620
CVE-2022-24620 affects Piwigo 12.2.0 with a stored XSS in admin.php due to improper validation/ filtering of user-supplied data. This can enable an attacker to escalate privileges and steal webmaster cookies, leading to webmaster access. Public details consistently describe the vulnerability as X...