CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-24620

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/Piwigo/Piwigo/issues/1605
https://github.com/Piwigo/Piwigo/issues/1605

Products affected by CVE-2022-24620

Piwigo » Piwigo » Version: 12.2.0

cpe:2.3:a:piwigo:piwigo:12.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-24620

Products

Pricing

Contact Us