CVE-2012-2209

Name: CVE-2012-2209
Description: Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 685364

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| piwigo | source | squeeze | (unfixed) | end-of-life | | |
| piwigo | source | (unstable) | (unfixed) | | | 685364 |

Notes

[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
Request to mark the package as unsupported in #779104
