Piwigo Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2019-13363 - Vulnerability Database

Critical
Reference: CVE-2019-13363
Title: Piwigo Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.