Security Advisory

CVE-2017-9836

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-06-24 15:00:00

Last updated 2024-09-16 17:09:04

Assigner mitre

State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).

← Browse all CVEs View on cve.org ↗