Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-51790 - Vulnerability Database

Piwigo

Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-51790

Medium

Reference: CVE-2023-51790

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-51790

Title: Piwigo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.