Vulnerability Explanation:

Piwigo Version 12.3.0 has a stored XSS vulnerability: an attacker can store a script payload through the Gallery title input, and it executes whenever the title is rendered.

Affected Component:

Gallery title input. Payload used to confirm the issue:

<image src/onerror=console.log("test_xss_at_Gallery_title")>

Tested on:

  1. Piwigo Version 12.3.0
  2. Brave Version 1.44.101 Chromium: 106.0.5249.65 (Official Build) (64-bit)

Steps to attack:

1. First, we log in to the target application with admin credentials.

2. We click on Admin.
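To show the defensive side of this report, the following is an added Python example (not Piwigo's code, which is PHP): it contrasts a renderer that interpolates the stored gallery title verbatim with one that escapes it for its output context, and uses a differential tag count to check whether the stored value reached the page as live markup. The render functions and the check are assumptions for illustration only.

```python
import html
import re

# Constructed sample: the probe payload from this report, as it would sit in the
# database after being saved through the Gallery title input.
STORED_TITLE = '<image src/onerror=console.log("test_xss_at_Gallery_title")>'

# Matches the start of an HTML tag ("<" followed by a tag name). Used only to
# count tags in rendered output; closing tags and "&lt;" do not match.
RAW_TAG = re.compile(r"<\s*[a-zA-Z]")


def render_unsafe(title: str) -> str:
    """Interpolate the stored title verbatim (assumed vulnerable pattern).
    Anything saved as the title becomes part of the page's markup."""
    return f'<h1 class="gallery-title">{title}</h1>'


def render_safe(title: str) -> str:
    """Escape the title for both places it lands: an element body and a quoted
    attribute. html.escape(quote=True) rewrites <, >, &, " and ' so the
    payload is displayed as text instead of parsed as a tag."""
    esc = html.escape(title, quote=True)
    return f'<h1 class="gallery-title" title="{esc}">{esc}</h1>'


def injects_markup(render, title: str) -> bool:
    """Differential check: if rendering the stored title yields more tags than
    rendering an empty title, the value was emitted as live markup."""
    baseline = len(RAW_TAG.findall(render("")))
    return len(RAW_TAG.findall(render(title))) > baseline


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(f"{name}: injects markup = {injects_markup(fn, STORED_TITLE)}")
        print("   ", fn(STORED_TITLE))
```

The same differential check can be run against any other stored field the application renders; escaping at output time, per context, is what stops the stored title from executing.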