Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-17826
Reference:
CVE-2017-17826
Title:
Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.phppageconfigurationampsectionmain request. An attacker can exploit this to hijack a client39s browser along with the data stored in it.