Vulnerabilities > Piwigo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-01 | CVE-2014-8937 | Resource Exhaustion vulnerability in Piwigo Lexiglot 20141110 Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | 5.0 |
| 2020-03-26 | CVE-2020-9468 | Improper Input Validation vulnerability in Piwigo 2.9.0 The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 4.0 |
| 2020-03-26 | CVE-2020-9467 | Cross-site Scripting vulnerability in Piwigo 2.10.1 Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. | 3.5 |
| 2020-02-10 | CVE-2020-8089 | Cross-site Scripting vulnerability in Piwigo 2.10.1 Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | 3.5 |
| 2019-12-02 | CVE-2012-4526 | Cross-site Scripting vulnerability in Piwigo piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) | 4.3 |
| 2019-12-02 | CVE-2012-4525 | Cross-site Scripting vulnerability in Piwigo piwigo has XSS in password.php | 4.3 |
| 2019-09-13 | CVE-2019-13364 | Cross-site Scripting vulnerability in Piwigo 2.9.5 admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. | 9.6 |
| 2019-09-13 | CVE-2019-13363 | Cross-site Scripting vulnerability in Piwigo 2.9.5 admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. | 9.6 |
| 2018-03-16 | CVE-2014-4613 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. | 4.3 |
| 2018-03-06 | CVE-2018-7724 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.3 The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. | 3.5 |