CVE-2023-44393 PoC — Piwigo Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
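Title: Piwigo Cross-Site Scripting Vulnerability (CVE-2023-44393)
Description: Piwigo is an open-source, web-based photo gallery application. It includes features such as image management, image categorization, and permission management. Piwigo versions before 4.0.0beta4 contain a cross-site scripting vulnerability. The issue lies in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page: an attacker can exploit it to inject malicious HTML and JS code into the HTML page, and that code executes when an administrator user visits a URL carrying the malicious payload.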
Description
Piwigo is vulnerable to a reflected XSS in the admin panel where the `plugin_id` parameter is not properly sanitized.
File Snapshot

id: CVE-2023-44393 info: name: Piwigo - Cross-Site Scripting author: ritikchaddha severity: m ...