Vulnerabilities > Piwigo > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-12-14 | CVE-2021-40882 | Cross-site Scripting vulnerability in Piwigo 11.5.0 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | 6.1 |
2021-07-21 | CVE-2020-22148 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
2021-07-21 | CVE-2020-22150 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | 6.1 |
2020-06-01 | CVE-2014-8944 | Cross-site Scripting vulnerability in Piwigo Lexiglot | Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 5.4 |
2020-06-01 | CVE-2014-8940 | Information Exposure vulnerability in Piwigo Lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI. | 5.3 |
2020-06-01 | CVE-2014-8939 | Path Traversal vulnerability in Piwigo Lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | 5.3 |
2020-03-26 | CVE-2020-9468 | Authorization Bypass Through User-Controlled Key vulnerability in Piwigo 2.9.0 | The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | 4.3 |
2020-03-26 | CVE-2020-9467 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. | 5.4 |
2020-02-10 | CVE-2020-8089 | Cross-site Scripting vulnerability in Piwigo 2.10.1 | Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | 5.4 |
2019-12-02 | CVE-2012-4526 | Cross-site Scripting vulnerability in Piwigo | Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525). | 6.1 |