VYPR
Medium severity5.4OSV Advisory· Published Mar 6, 2018· Updated Jun 17, 2026

CVE-2018-7723

CVE-2018-7723

Description

The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.

Affected products

2
  • Piwigo/PiwigoOSV2 versions
    2.8.0RC1, 2.8.0RC2, 2.9.0, …+ 1 more
    • (no CPE)range: 2.8.0RC1, 2.8.0RC2, 2.9.0, …
    • (no CPE)range: =2.9.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.