Cross Site Scripting Vulnerability in Piwigo by Piwigo Team
CVE-2024-28662

Currently unrated

Key Information:

Vendor: Piwigo Team
Status: Piwigo
Vendor: CVE Published:; 13 March 2024

🔔 Create Piwigo Team Vulnerability Alert

What is CVE-2024-28662?

A Cross Site Scripting vulnerability has been identified in Piwigo, where insecure sanitization in the 'create_tag' function of the admin script (admin/include/functions.php) allows attackers to inject malicious scripts. This flaw impacts Piwigo versions prior to 14.3.0, warranting immediate attention to secure web applications against potential exploit scenarios.

References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA...

https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d9...

https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Mar 8, 2024