Vulnerabilities > Piwigo > Piwigo > 2.0.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-06 | CVE-2017-9452 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.8 |
2017-01-28 | CVE-2017-5608 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | 6.1 |
2017-01-03 | CVE-2016-10105 | Improper Access Control vulnerability in Piwigo admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. | 9.8 |
2016-12-30 | CVE-2016-10085 | Improper Access Control vulnerability in Piwigo admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | 7.2 |
2016-12-30 | CVE-2016-10084 | Improper Access Control vulnerability in Piwigo admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | 7.2 |
2016-12-30 | CVE-2016-10083 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | 6.1 |