Lucene search
K

15 matches found

NVD
NVD
added 2024/11/20 9:15 p.m.19 views

CVE-2024-52701

A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

5.4CVSS0.00247EPSS
Exploits1References1
CVE
CVE
added 2024/11/20 12:0 a.m.70 views

CVE-2024-52701

CVE-2024-52701 is a stored XSS in Piwigo v14.5.0 (Configuration page) where a crafted payload inserted into the Page banner parameter can execute arbitrary scripts/HTML in a victim’s browser. Affected software: Piwigo 14.5.0; impact is browser-based script execution with low integrity/confidentia...

5.4CVSS5.6AI score0.00247EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/20 12:0 a.m.15 views

CVE-2024-52701

A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...

5.4AI score0.00247EPSS
Exploits1References1
NVD
NVD
added 2024/10/31 2:15 a.m.24 views

CVE-2024-48311

Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the Edit album function...

8.8CVSS0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/31 12:0 a.m.18 views

CVE-2024-48311

Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the Edit album function...

0.00318EPSS
Exploits1References1
CVE
CVE
added 2024/10/31 12:0 a.m.50 views

CVE-2024-48311

CVE-2024-48311 affects Piwigo v14.5.0 and is a Cross-Site Request Forgery (CSRF) vulnerability via the Edit album function. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The available connected documents confirm the flaw is in Piwigo 14.5.0 and desc...

8.8CVSS7.2AI score0.00318EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/10/16 5:15 p.m.26 views

CVE-2024-46605

A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

6.1CVSS0.00413EPSS
Exploits1References3
NVD
NVD
added 2024/10/16 5:15 p.m.24 views

CVE-2024-46606

A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

5.4CVSS0.00362EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/16 12:0 a.m.13 views

CVE-2024-46605

A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

5.9AI score0.00413EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/16 12:0 a.m.15 views

CVE-2024-46606

A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

5.8AI score0.00362EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/16 12:0 a.m.16 views

CVE-2024-46605

A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

0.00413EPSS
Exploits1References3
CVE
CVE
added 2024/10/16 12:0 a.m.60 views

CVE-2024-46606

The provided sources confirm a cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 affecting the /admin.php?page=photo component, exploitable via a crafted payload injected into the Description field. The issue is described consistently across CVE listings, with the root cause tied to that...

5.4CVSS5.9AI score0.00362EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/10/16 12:0 a.m.61 views

CVE-2024-46605

CVE-2024-46605 is a documented XSS in Piwigo 14.5.0, affecting the admin area via /admin.php?page=album where a crafted payload in the Description field can execute arbitrary script/HTML. The CVE entry and multiple connected sources corroborate the impact as a client-side script injection with lo...

6.1CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/09/27 3:15 p.m.28 views

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

4.8CVSS0.00284EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/27 12:0 a.m.14 views

CVE-2024-46333

An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...

0.00284EPSS
Exploits1References1
Rows per page
Query Builder