Unrated severityNVD Advisory· Published Aug 14, 2012· Updated Apr 29, 2026

CVE-2012-2209

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.

Affected products

Piwigo/Piwigo
cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*
Range: <=2.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-04/0196.htmlnvdExploit
www.exploit-db.com/exploits/18782nvdExploit
www.securityfocus.com/bid/53245nvdExploit
www.htbridge.com/advisory/HTB23085nvdExploit
secunia.com/advisories/48903nvdVendor Advisory
piwigo.org/bugs/view.phpnvd
piwigo.org/forum/viewtopic.phpnvd
piwigo.org/releases/2.3.4nvd
exchange.xforce.ibmcloud.com/vulnerabilities/75186nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000