Vulnerabilities > Piwigo > Lexiglot > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-01 | CVE-2014-8938 | Insufficiently Protected Credentials vulnerability in Piwigo Lexiglot 20141110 Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 2.1 |
| 2020-06-01 | CVE-2014-8944 | Cross-site Scripting vulnerability in Piwigo Lexiglot 20141110 Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 3.5 |