CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7722

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md
https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md

Products affected by CVE-2018-7722

Piwigo » Piwigo » Version: 2.9.3

cpe:2.3:a:piwigo:piwigo:2.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7722

Products

Pricing

Contact Us