12 matches found
CVE-2018-7723
The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
Cross site request forgery (csrf)
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...
Design/Logic Flaw
The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7722
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...
Cross site request forgery (csrf)
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7723
CVE-2018-7723 affects Piwigo 2.9.3: a stored XSS in the admin panel via the virtual_name parameter in /admin.php?page=cat_list (distinct from CVE-2017-9836). The description notes CSRF exploitation may be possible, related to CVE-2017-10681. CVSS vectors are provided (3.5/LOW for CVSS2, 5.4/MEDIU...
CVE-2018-7724
CVE-2018-7724 affects Piwigo 2.9.3 and is a stored XSS vulnerability in the admin panel via the name parameter in /admin.php?page=photo-${photo_number}. CSRF may be possible (related to CVE-2017-10681). Affected product/version: Piwigo 2.9.3 (and related entries indicate multi-XSS issues before 2...
CVE-2018-7723
The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...
CVE-2018-7724
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-$photonumber request. CSRF exploitation, related to CVE-2017-10681, may be possible...