Vulnerability Details CVE-2017-9836
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5