Descriptionpiwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
piwigosourcesqueeze(not affected)
piwigosource(unstable)(not affected)


- piwigo <not-affected> (incomplete fix not applied to Debian package)
[squeeze] - piwigo <not-affected> (vulnerable code not present)

Search for package or bug name: Reporting problems