Vulnerabilities > Piwigo > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-06-14 | CVE-2021-40678 | Cross-site Scripting vulnerability in Piwigo 11.5.0 | In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | 3.5 |
2022-02-24 | CVE-2022-24620 | Cross-site Scripting vulnerability in Piwigo 12.2.0 | Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. | 3.5 |
2020-06-01 | CVE-2014-8938 | Insufficiently Protected Credentials vulnerability in Piwigo Lexiglot 20141110 | Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 2.1 |
2020-06-01 | CVE-2014-8944 | Cross-site Scripting vulnerability in Piwigo Lexiglot 20141110 | Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 3.5 |
2020-03-26 | CVE-2020-9467 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. | 3.5 |
2020-02-10 | CVE-2020-8089 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | 3.5 |
2018-03-06 | CVE-2018-7722 | Cross-site Scripting vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. | 3.5 |
2018-03-06 | CVE-2018-7723 | Cross-site Scripting vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. | 3.5 |
2018-03-06 | CVE-2018-7724 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo 2.9.3 | The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. | 3.5 |
2017-12-21 | CVE-2017-17825 | Cross-site Scripting vulnerability in Piwigo 2.9.2 | The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. | 3.5 |