CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7723

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md
https://github.com/summ3rf/Vulner/blob/master/Piwigo%20Store%20XSS.md

Products affected by CVE-2018-7723

Piwigo » Piwigo » Version: 2.9.3

cpe:2.3:a:piwigo:piwigo:2.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7723

Products

Pricing

Contact Us