
CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 1

Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• https://www.exploit-db.com/exploits/34367
• http://piwigo.org/releases/2.0.6
• http://secunia.com/advisories/37336
• http://www.vupen.com/english/advisories/2009/3221
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
• http://secunia.com/advisories/36333
• http://www.securityfocus.com/archive/1/505801/100/0/threaded
• http://www.senseofsecurity.com.au/advisories/SOS-09-007.pdf
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')