11 matches found
CVE-2019-13364
admin.php?page=accountbilling in Piwigo 2.9.5 has XSS via the vatnumber, billingname, company, or billingaddress parameter. This is exploitable via CSRF...
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution
/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development Piwigo = 2.9.5 Multiple Vulnerabilities Released Date: 2019-09-22 Last Modified: 2019-09-22 Company Info: Piwigo.org Version Info: Vulnerable Piwigo = 2.9.5 -- Table...
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
CVE-2019-13364
admin.php?page=accountbilling in Piwigo 2.9.5 has XSS via the vatnumber, billingname, company, or billingaddress parameter. This is exploitable via CSRF...
Cross site request forgery (csrf)
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
Cross site request forgery (csrf)
admin.php?page=accountbilling in Piwigo 2.9.5 has XSS via the vatnumber, billingname, company, or billingaddress parameter. This is exploitable via CSRF...
CVE-2019-13363
admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...
CVE-2019-13363
CVE-2019-13363 affects Piwigo 2.9.5. The vulnerability is a Cross‑Site Scripting (XSS) in the admin.php?page=notification_by_mail endpoint, exploitable via parameters such as nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_date...
PT-2019-13293 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 2.9.5 Description: The issue concerns a Cross-Site Scripting XSS exploit in the admin.php?page=notification by mail endpoint. This exploit is achievable through several parameters: nbm send html mail, nbm send mail as, nbm send...