VDB

CVE-2020-9467

CVE-2020-9467 PUBLISHED CVSS 3.5 LOW

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

EPSS 0.20% · 41.7th percentile

Risk Scores

CVSS 2.0
3.5
EPSS Score
0.20%
41.7th percentile

Affected Products

VendorProductVersions
piwigopiwigo2.10.1
n/an/a*

Timeline

  • Mar 26, 2020 CVE Published
  • Sep 16, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›