Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9425 | 1 Facetag Project | 1 Facetag | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | |||||
CVE-2017-9426 | 1 Facetag Project | 1 Facetag | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action. |