2020-03-26 21:15:00 2020-03-27 17:36:00

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Advisory Patch Confirmed Link
https://github.com/Piwigo/Piwigo/issues/1168