Vulnerabilities > Piwigo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-24 | CVE-2011-3790 | Information Exposure vulnerability in Piwigo 2.1.5 Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files. | 5.0 |
| 2010-05-04 | CVE-2010-1707 | Cross-Site Scripting vulnerability in Piwigo Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters. | 4.3 |
| 2009-11-20 | CVE-2009-4039 | Cross-Site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |