Vulnerabilities > Piwigo > Piwigo > 2.0.10

DATE CVE VULNERABILITY TITLE RISK
2017-06-06 CVE-2017-9452 Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
low complexity
piwigo CWE-79
4.8
4.8
2017-01-28 CVE-2017-5608 Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.
network
low complexity
piwigo CWE-79
6.1
6.1
2017-01-03 CVE-2016-10105 Improper Access Control vulnerability in Piwigo
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files.
network
low complexity
piwigo CWE-284
critical
 9.8
9.8
2016-12-30 CVE-2016-10085 Improper Access Control vulnerability in Piwigo
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
network
low complexity
piwigo CWE-284
7.2
7.2
2016-12-30 CVE-2016-10084 Improper Access Control vulnerability in Piwigo
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
network
low complexity
piwigo CWE-284
7.2
7.2
2016-12-30 CVE-2016-10083 Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
network
low complexity
piwigo CWE-79
6.1
6.1