Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
References 4 Total
- http://piwigo.org/bugs/view.php?id=3089
- jvn.jp: JVN#09717399 third-party-advisory
- http://piwigo.org/dev/changeset/28678
- jvndb.jvn.jp: JVNDB-2014-000093 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- http://piwigo.org/bugs/view.php?id=3089 x_transferred
- jvn.jp: JVN#09717399 third-party-advisoryx_transferred
- http://piwigo.org/dev/changeset/28678 x_transferred
- jvndb.jvn.jp: JVNDB-2014-000093 third-party-advisoryx_transferred