Vulnerability Details : CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2012-2209
Probability of exploitation activity in the next 30 days: 0.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~78%
CVSS scores for CVE-2012-2209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-2209
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2209
- http://www.securityfocus.com/bid/53245
  Piwigo Multiple Cross Site Scripting and Directory Traversal Vulnerabilities (Exploit)
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html
  (Exploit)
- http://piwigo.org/bugs/view.php?id=2607
  0002607: Piwigo Security Vulnerabilities Notification - MantisBT
- http://piwigo.org/releases/2.3.4
  Piwigo 2.3.4 | Release note
- https://www.htbridge.com/advisory/HTB23085
  Multiple vulnerabilities in Piwigo - HTB23085 Security Advisory | ImmuniWeb (Exploit)
- http://www.exploit-db.com/exploits/18782
  piwigo 2.3.3 - Multiple Vulnerabilities - PHP webapps Exploit (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75186
  Piwigo multiple parameters cross-site scripting CVE-2012-2209 Vulnerability Report
- http://piwigo.org/forum/viewtopic.php?id=19173
  Piwigo 2.3.4 | Piwigo.org
Products affected by CVE-2012-2209
- cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*