Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-17825
Reference:
CVE-2017-17825
Title:
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags- array parameters in an admin.phppagebatch_managerampmodeunit request. An attacker can exploit this to hijack a client39s browser along with the data stored in it.