Lucene search
K

12 matches found

NVD
NVD
added 2018/03/06 5:29 p.m.15 views

CVE-2018-7723

The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.4CVSS5.2AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2018/03/06 5:29 p.m.19 views

CVE-2018-7724

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.4CVSS5.5AI score0.00285EPSS
Exploits1References1
Prion
Prion
added 2018/03/06 5:29 p.m.17 views

Cross site request forgery (csrf)

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...

3.5CVSS5.4AI score0.01208EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2018/03/06 5:29 p.m.20 views

CVE-2018-7722

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.4CVSS5.5AI score0.00556EPSS
Exploits1References1
Prion
Prion
added 2018/03/06 5:29 p.m.12 views

Design/Logic Flaw

The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

3.5CVSS5.2AI score0.01208EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2018/03/06 5:29 p.m.20 views

CVE-2018-7722

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.4CVSS8.3AI score
Exploits0References1
Prion
Prion
added 2018/03/06 5:29 p.m.18 views

Cross site request forgery (csrf)

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...

3.5CVSS5.4AI score0.01208EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2018/03/06 5:29 p.m.12 views

CVE-2018-7724

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.4CVSS8.3AI score
Exploits0References1
CVE
CVE
added 2018/03/06 5:0 p.m.47 views

CVE-2018-7723

CVE-2018-7723 affects Piwigo 2.9.3: a stored XSS in the admin panel via the virtual_name parameter in /admin.php?page=cat_list (distinct from CVE-2017-9836). The description notes CSRF exploitation may be possible, related to CVE-2017-10681. CVSS vectors are provided (3.5/LOW for CVSS2, 5.4/MEDIU...

5.4CVSS5.1AI score0.00556EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/06 5:0 p.m.42 views

CVE-2018-7724

CVE-2018-7724 affects Piwigo 2.9.3 and is a stored XSS vulnerability in the admin panel via the name parameter in /admin.php?page=photo-${photo_number}. CSRF may be possible (related to CVE-2017-10681). Affected product/version: Piwigo 2.9.3 (and related entries indicate multi-XSS issues before 2...

5.4CVSS5.7AI score0.00285EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/03/06 5:0 p.m.22 views

CVE-2018-7723

The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.2AI score0.00556EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/06 5:0 p.m.19 views

CVE-2018-7724

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...

5.5AI score0.00285EPSS
Exploits1References1
Rows per page
Query Builder