Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4039. PoCs published by Andrew Paterson.
AI-analyzed exploit summary: This exploit demonstrates multiple XSS vulnerabilities in Piwigo 2.0.5 by injecting arbitrary JavaScript via the 'keyword' and 'author' parameters in the comments.php page. The PoC uses simple script tags to trigger an alert, confirming the vulnerability.
Description
Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.