
CVE-2020-8089
https://notcve.org/view.php?id=CVE-2020-8089
10 Feb 2020 — Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. • https://github.com/Piwigo/Piwigo/issues/1150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4526
https://notcve.org/view.php?id=CVE-2012-4526
02 Dec 2019 — Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525). • http://www.openwall.com/lists/oss-security/2012/10/18/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4525
https://notcve.org/view.php?id=CVE-2012-4525
02 Dec 2019 — Piwigo has XSS in password.php. • http://www.openwall.com/lists/oss-security/2012/10/18/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-13363 – Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13363
13 Sep 2019 — admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. • https://packetstorm.news/files/id/154484 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-13364 – Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13364
13 Sep 2019 — admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. • https://packetstorm.news/files/id/154484 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4613 – Piwigo 2.6.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-4613
16 Mar 2018 — Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. • https://www.exploit-db.com/exploits/31916 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-7723
https://notcve.org/view.php?id=CVE-2018-7723
06 Mar 2018 — The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible. • https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-7724
https://notcve.org/view.php?id=CVE-2018-7724
06 Mar 2018 — The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. • https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-7722
https://notcve.org/view.php?id=CVE-2018-7722
06 Mar 2018 — The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible. • https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-6883
https://notcve.org/view.php?id=CVE-2018-6883
24 Feb 2018 — Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. • https://github.com/Piwigo/Piwigo/issues/839 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')