Vulnerability Description
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Piwigo | Piwigo | <= 2.7.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-ScriptinExploit
- http://piwigo.org/forum/viewtopic.php?id=25179Vendor Advisory
- http://piwigo.org/releases/2.7.4PatchVendor Advisory
- http://seclists.org/fulldisclosure/2015/Feb/73Exploit
- http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.htmlExploit
- http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.htmlExploit
- http://www.securityfocus.com/bid/72690
- http://packetstormsecurity.com/files/130432/CMS-Piwigo-2.7.3-Cross-Site-ScriptinExploit
- http://piwigo.org/forum/viewtopic.php?id=25179Vendor Advisory
- http://piwigo.org/releases/2.7.4PatchVendor Advisory
- http://seclists.org/fulldisclosure/2015/Feb/73Exploit
- http://sroesemann.blogspot.de/2015/01/sroeadv-2015-06.htmlExploit
- http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-06.htmlExploit
- http://www.securityfocus.com/bid/72690
FAQ
What is CVE-2015-2034?
CVE-2015-2034 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
How severe is CVE-2015-2034?
CVE-2015-2034 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2034?
Check the references section above for vendor advisories and patch information. Affected products include: Piwigo Piwigo.