CVE-2023-51790

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 12, 2024

Updated: Jan 18, 2024

CWE ID 79

Summary

CVE-2023-51790 is a Cross-Site Scripting (XSS) vulnerability affecting piwigo version 14.0.0. An attacker can exploit this issue by injecting malicious scripts into the lang parameter in the Admin Tools plug-in component. Successful exploitation enables the attacker to steal sensitive information from affected users. This vulnerability poses a significant risk, as XSS attacks can lead to data theft, website defacement, and the spread of malware. Users are strongly advised to upgrade to a patched version of piwigo to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t7Triv
https://www.cve.org/CVERecord?id=CVE-2023-51790
https://nvd.nist.gov/vuln/detail/CVE-2023-51790

Back to Vulnerability Database

CVE-2023-51790

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations