4.3
MEDIUM

CVE-2012-2209

Published: 14/08/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo prior to 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor Product Versions
PiwigoPiwigo2.3.3

Exploits

Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 233 and probably prior Tested Version: 233 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting (XSS) CVE Reference(s): CVE-2012-2208, CVE-2012-2209 Solut ...

Mailing Lists

Piwigo version 233 suffers from cross site scripting and directory traversal vulnerabilities ...

References