CVE-2023-44393

Piwigo Reflected XSS vulnerability

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue.

Piwigo es una aplicación de galería de fotografías de código abierto. Antes de la versión 14.0.0beta4, una vulnerabilidad de Cross-Site Scripting (XSS) reflejada se encuentra en la página ` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]`. Un atacante puede aprovechar esta vulnerabilidad para inyectar código HTML y JS malicioso en la página HTML, que luego los usuarios administradores podrían ejecutar cuando visiten la URL con el payload. La vulnerabilidad se debe a la inyección insegura del valor `plugin_id` de la URL en la página HTML. Un atacante puede aprovechar esta vulnerabilidad creando una URL maliciosa que contenga un valor "plugin_id" especialmente manipulado. Cuando una víctima que ha iniciado sesión como administrador visita esta URL, el código malicioso se inyectará en la página HTML y se ejecutará. Esta vulnerabilidad puede ser aprovechada por cualquier atacante que tenga acceso a una URL maliciosa. Sin embargo, sólo se ven afectados los usuarios que han iniciado sesión como administradores. Esto se debe a que la vulnerabilidad solo está presente en la página `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]`, a la que solo pueden acceder los administradores. La versión 14.0.0.beta4 contiene un parche para este problema.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-09-28 CVE Reserved
2023-10-09 CVE Published
2024-09-08 EPSS Updated
2024-09-19 CVE Updated
2024-09-19 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/Piwigo/Piwigo/security/advisories/GHSA-qg85-957m-7vgg	2024-09-19

URL	Date	SRC
https://github.com/Piwigo/Piwigo/commit/cc99c0f1e967c5f1722a0cce30ff42374a7bbc23	2023-10-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Piwigo Search vendor "Piwigo"		Piwigo Search vendor "Piwigo" for product "Piwigo"				<= 13.8.0 Search vendor "Piwigo" for product "Piwigo" and version " <= 13.8.0"		-		Affected
Piwigo Search vendor "Piwigo"		Piwigo Search vendor "Piwigo" for product "Piwigo"				14.0.0 Search vendor "Piwigo" for product "Piwigo" and version "14.0.0"		beta1		Affected
Piwigo Search vendor "Piwigo"		Piwigo Search vendor "Piwigo" for product "Piwigo"				14.0.0 Search vendor "Piwigo" for product "Piwigo" and version "14.0.0"		beta2		Affected
Piwigo Search vendor "Piwigo"		Piwigo Search vendor "Piwigo" for product "Piwigo"				14.0.0 Search vendor "Piwigo" for product "Piwigo" and version "14.0.0"		beta3		Affected