3 matches found
PT-2024-35414 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 14.5.0 Description: A stored cross-site scripting XSS issue in the Configuration page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. This could potential...
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-52701
CVE-2024-52701 is a stored XSS in Piwigo v14.5.0 (Configuration page) where a crafted payload inserted into the Page banner parameter can execute arbitrary scripts/HTML in a victim’s browser. Affected software: Piwigo 14.5.0; impact is browser-based script execution with low integrity/confidentia...