CVE-2012-2209 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module (2) installstatus parameter in the languages_new module or (3) theme parameter in the theme module.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-04/0196.html http://piwigo.org/bugs/view.php?id=2607 http://piwigo.org/forum/viewtopic.php?id=19173 http://piwigo.org/releases/2.3.4 http://secunia.com/advisories/48903 http://www.exploit-db.com/exploits/18782 http://www.securityfocus.com/bid/53245 https://exchange.xforce.ibmcloud.com/vulnerabilities/75186 https://www.htbridge.com/advisory/HTB23085