607746 – <www-apps/piwigo-2.8.6: Cross-site scripting (XSS) vulnerability in the image upload function (CVE-2017-5608)

Bug 607746 - <www-apps/piwigo-2.8.6: Cross-site scripting (XSS) vulnerability in the image upload function (CVE-2017-5608)

Summary: <www-apps/piwigo-2.8.6: Cross-site scripting (XSS) vulnerability in the image...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://cve.mitre.org/cgi-bin/cvename...
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-01-30 19:07 UTC by Bernard Cafarelli
Modified:	2017-01-30 22:34 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Cafarelli gentoo-dev

2017-01-30 19:07:14 UTC

Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename

~arch only package

Comment 1 Bernard Cafarelli gentoo-dev

2017-01-30 19:13:05 UTC

2.8.6 is now in tree, I removed previous version

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2017-01-30 22:34:44 UTC

(In reply to Bernard Cafarelli from comment #1)
> 2.8.6 is now in tree, I removed previous version

thanks for the report and quick action!