VYPR
Medium severity5.4OSV Advisory· Published Mar 6, 2018· Updated Jun 17, 2026

CVE-2018-7722

CVE-2018-7722

Description

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.

Affected products

2
  • Piwigo/PiwigoOSV2 versions
    2.8.0RC1, 2.8.0RC2, 2.9.0, …+ 1 more
    • (no CPE)range: 2.8.0RC1, 2.8.0RC2, 2.9.0, …
    • (no CPE)range: =2.9.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.