CVE-2016-10513
medium
CVSS v3
6.1
CVSS v2
4.3
VIR risk
6.1
Description
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Predictions
Exploit likelihood
71%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05
Vendor advisory: cve@mitre.org — http://piwigo.org/releases/2.8.3
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| piwigo | piwigo | {"endIncluding":"2.8.2"} | |
References
- http://piwigo.org/releases/2.8.3
- https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05
- https://github.com/Piwigo/Piwigo/issues/548
- http://piwigo.org/releases/2.8.3
- https://github.com/Piwigo/Piwigo/commit/9a93d1f44b06605af84520509e7a0e8b64ab0c05
- https://github.com/Piwigo/Piwigo/issues/548
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.