CVE-2012-2209

EUVD-2012-2203
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
piwigopiwigo
𝑥
≤ 2.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
piwigo
hardy
dne
lucid
dne
natty
ignored
oneiric
ignored
precise
ignored
quantal
ignored
raring
dne
saucy
dne
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html
http://piwigo.org/bugs/view.php?id=2607
http://piwigo.org/forum/viewtopic.php?id=19173
http://piwigo.org/releases/2.3.4
http://secunia.com/advisories/48903
http://www.exploit-db.com/exploits/18782
http://www.securityfocus.com/bid/53245
https://exchange.xforce.ibmcloud.com/vulnerabilities/75186
https://www.htbridge.com/advisory/HTB23085
http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html
http://piwigo.org/bugs/view.php?id=2607
http://piwigo.org/forum/viewtopic.php?id=19173
http://piwigo.org/releases/2.3.4
http://secunia.com/advisories/48903
http://www.exploit-db.com/exploits/18782
http://www.securityfocus.com/bid/53245
https://exchange.xforce.ibmcloud.com/vulnerabilities/75186
https://www.htbridge.com/advisory/HTB23085