Vendor: Piwigo
By: Iridium
CVSS: 5.4 (MEDIUM)
CWE: 79 (Cross Site Scripting)
Product Name: Piwigo
Affected Version From: 2.10.1
Affected Version To: 2.10.1
Patch Exists: YES
Related CVE: CVE-2020-9467
CPE: 2.10.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux & Windows
2020

Piwigo 2.10.1 – Cross Site Scripting

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Mitigation:

Input validation should be used to prevent XSS attacks.