Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-24620 - Vulnerability Database

Piwigo

Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-24620

Medium

Reference: CVE-2022-24620

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-24620

Title: Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS) which can lead to privilege escalation. In this way admin can steal webmaster39s cookies to get the webmaster39s access.