Vulnerabilities > Piwigo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-28 | CVE-2017-5608 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | 6.1 |
| 2016-12-30 | CVE-2016-10083 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | 6.1 |
| 2016-12-01 | CVE-2016-9751 | Cross-site Scripting vulnerability in Piwigo 2.8.3 Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 6.1 |