4.3
MEDIUM

CVE-2012-2209

Published: 14/08/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor Product Versions
PiwigoPiwigo2.3.3

EDB Exploits

Mailing Lists

References