VYPR
Medium severity5.4OSV Advisory· Published Mar 6, 2018· Updated Jun 17, 2026

CVE-2018-7724

CVE-2018-7724

Description

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.

Affected products

2
  • Piwigo/PiwigoOSV2 versions
    2.8.0RC1, 2.8.0RC2, 2.9.0, …+ 1 more
    • (no CPE)range: 2.8.0RC1, 2.8.0RC2, 2.9.0, …
    • (no CPE)range: <=2.9.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.