CVE-2014-3900

EUVD-2014-3837
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
piwigopiwigo
𝑥
≤ 2.6.3
piwigopiwigo
2.6.0
piwigopiwigo
2.6.1
piwigopiwigo
2.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN09717399/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000093
http://piwigo.org/bugs/view.php?id=3089
http://piwigo.org/dev/changeset/28678
http://jvn.jp/en/jp/JVN09717399/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000093
http://piwigo.org/bugs/view.php?id=3089
http://piwigo.org/dev/changeset/28678