CVE-2017-17825: XSS
First published: Thu Dec 21 2017(Updated: )
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo Piwigo | =2.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Piwigo 2.9.2?
The vulnerability ID for Piwigo 2.9.2 is CVE-2017-17825.
What is the severity of CVE-2017-17825?
The severity of CVE-2017-17825 is medium.
How does the vulnerability CVE-2017-17825 in Piwigo 2.9.2 occur?
The vulnerability CVE-2017-17825 in Piwigo 2.9.2 occurs due to persistent cross-site scripting (XSS) via the tags-* array parameters in an admin.php?page=batch_manager&mode=unit request.
What can an attacker do with the vulnerability CVE-2017-17825 in Piwigo 2.9.2?
An attacker can exploit the vulnerability CVE-2017-17825 in Piwigo 2.9.2 to hijack a client's browser and access the data stored in it.
Is there a fix available for the vulnerability CVE-2017-17825 in Piwigo 2.9.2?
To fix the vulnerability CVE-2017-17825 in Piwigo 2.9.2, it is recommended to update to a newer version of Piwigo that includes the necessary security patches.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/piwigo
- canonical/piwigo piwigo
- version/piwigo piwigo/2.9.2