Cross Site Scripting Vulnerability in Piwigo by Piwigo Team
CVE-2024-28662

5.4MEDIUM

Key Information:

Vendor: Piwigo Team
Status: Piwigo
Vendor: CVE Published:; 13 March 2024

🔔 Create Piwigo Team Vulnerability Alert

What is CVE-2024-28662?

A Cross Site Scripting vulnerability has been identified in Piwigo, where insecure sanitization in the 'create_tag' function of the admin script (admin/include/functions.php) allows attackers to inject malicious scripts. This flaw impacts Piwigo versions prior to 14.3.0, warranting immediate attention to secure web applications against potential exploit scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA...

https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d9...

https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Mar 8, 2024

JSON

Piwigo Team

What is CVE-2024-28662?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.