CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-17825

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.4%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Stored%20XSS%20Vulnerabilities%20in%20Piwigo%202.9.2.md
https://github.com/sahildhar/sahildhar.github.io/blob/master/research/reports/Piwigo_2.9.2/Stored%20XSS%20Vulnerabilities%20in%20Piwigo%202.9.2.md

Products affected by CVE-2017-17825

Piwigo » Piwigo » Version: 2.9.2

cpe:2.3:a:piwigo:piwigo:2.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17825

Products

Pricing

Contact Us