Published: 14/08/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Affected Products

Vendor Product Versions


Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 233 and probably prior Tested Version: 233 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting (XSS) CVE Reference(s): CVE-2012-2208, CVE-2012-2209 Solut ...

Mailing Lists

Piwigo version 233 suffers from cross site scripting and directory traversal vulnerabilities ...