CVE-2022-24620: XSS
First published: Thu Feb 24 2022(Updated: )
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Piwigo Piwigo | =12.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Piwigo vulnerability?
The vulnerability ID for this Piwigo vulnerability is CVE-2022-24620.
What is the severity of CVE-2022-24620?
The severity of CVE-2022-24620 is medium with a CVSS score of 5.4.
How does the stored cross-site scripting (XSS) vulnerability in Piwigo version 12.2.0 occur?
The stored cross-site scripting (XSS) vulnerability in Piwigo version 12.2.0 occurs when an attacker is able to store malicious code in a website's database, which is then executed when a user visits the affected page.
What is the potential impact of the stored cross-site scripting (XSS) vulnerability in Piwigo version 12.2.0?
The potential impact of the stored cross-site scripting (XSS) vulnerability in Piwigo version 12.2.0 is privilege escalation, where an attacker with a lower level of access can exploit the vulnerability to gain higher privileges and potentially perform unauthorized actions.
Is there a fix available for Piwigo version 12.2.0 to address this vulnerability?
Yes, a fix is available for Piwigo version 12.2.0. It is recommended to upgrade to a version that is not affected by this vulnerability.
- collector/nvd-index
- vendor/piwigo
- canonical/piwigo piwigo
- version/piwigo piwigo/12.2.0