Piwigo v14.5.0 vulnerable to Cross-Site Scripting (XSS) attack
CVE-2024-46605

Currently unrated

Key Information:

Vendor: Piwigo
Status: Piwigo
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-46605?

The vulnerability in Piwigo v14.5.0 is classified as a cross-site scripting (XSS) flaw impacting the '/admin.php?page=album' component. This issue allows attackers to inject malicious scripts or HTML code into the Description field, potentially leading to unauthorized script execution on users' browsers. Exploiting this vulnerability could result in defacement, data theft, or hijacking user sessions, making it essential for Piwigo users to apply necessary updates and patches to safeguard their applications.

References

http://piwigo.com

https://drive.google.com/file/d/1-OiaEitTaY7tpEPZMZ8GYtyU...

https://github.com/Piwigo/Piwigo

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024