Stored Cross-Site Scripting Vulnerability in Piwigo by Piwigo Team
CVE-2024-52701

Currently unrated

Key Information:

Vendor

Piwigo Team

Status
Piwigo
Vendor
CVE Published:
20 November 2024

What is CVE-2024-52701?

A security flaw in Piwigo version 14.5.0 allows for stored cross-site scripting (XSS) attacks where attackers can inject malicious scripts via the Page banner parameter. This vulnerability can lead to the execution of arbitrary web scripts or HTML in the context of user sessions, potentially compromising user data and site integrity. Web administrators are encouraged to apply necessary security measures and update to remediate this issue.

References

https://github.com/Piwigo/Piwigo/issues/2261

Timeline

  • Vulnerability published

.