Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities | |||
Severity: Low | CVSS Score: 3.4 | CWE-ID: CWE-79 | Status: Not Fixed |
Vulnerability Description | |||
The application Piwigo is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 2.9.0 and possible priors. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||
CVSS Base Score | |||
Attack Vector | Network | Scope | Changed |
Attack Complexity | Low | Confidentiality Impact | None |
Privileges Required | High | Integrity Impact | Low |
User Interaction | Required | Availability Impact | None |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.