CVE-2024-28662

medium

Description

A cross-site scripting vulnerability exists in Piwigo before 14.3.0 because of missing sanitization in create_tag in admin/include/functions.php.

References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j

https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0

https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580

Details

Source: Mitre, NVD

Published: 2024-03-13

Updated: 2025-05-23

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00217