Filtered by vendor Piwigo Subscriptions
Total 104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-48311 1 Piwigo 1 Piwigo 2024-11-01 8.8 High
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
CVE-2024-46606 1 Piwigo 1 Piwigo 2024-10-18 5.4 Medium
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVE-2024-46605 1 Piwigo 1 Piwigo 2024-10-18 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVE-2024-46333 1 Piwigo 1 Piwigo 2024-09-30 4.8 Medium
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function.