PT-2021-23000 · Piwigo · Piwigo
Huitailang0088
·
Published
2021-12-14
·
Updated
2021-12-16
·
CVE-2021-40882
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Piwigo version 11.5.0
Description
A Cross Site Scripting (XSS) issue exists via the system album name and description of the location.
Recommendations
For Piwigo version 11.5.0, consider restricting access to the system album name and description of the location until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Piwigo