15 matches found
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-52701
CVE-2024-52701 is a stored XSS in Piwigo v14.5.0 (Configuration page) where a crafted payload inserted into the Page banner parameter can execute arbitrary scripts/HTML in a victim’s browser. Affected software: Piwigo 14.5.0; impact is browser-based script execution with low integrity/confidentia...
CVE-2024-52701
A stored cross-site scripting XSS vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter...
CVE-2024-48311
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the Edit album function...
CVE-2024-48311
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the Edit album function...
CVE-2024-48311
CVE-2024-48311 affects Piwigo v14.5.0 and is a Cross-Site Request Forgery (CSRF) vulnerability via the Edit album function. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The available connected documents confirm the flaw is in Piwigo 14.5.0 and desc...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46606
A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46606
A cross-site scripting XSS vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46605
A cross-site scripting XSS vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...
CVE-2024-46606
The provided sources confirm a cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 affecting the /admin.php?page=photo component, exploitable via a crafted payload injected into the Description field. The issue is described consistently across CVE listings, with the root cause tied to that...
CVE-2024-46605
CVE-2024-46605 is a documented XSS in Piwigo 14.5.0, affecting the admin area via /admin.php?page=album where a crafted payload in the Description field can execute arbitrary script/HTML. The CVE entry and multiple connected sources corroborate the impact as a client-side script injection with lo...
CVE-2024-46333
An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...
CVE-2024-46333
An authenticated cross-site scripting XSS vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...