{"id":"CVE-2023-51790","details":"Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.","modified":"2026-05-18T05:56:50.471173349Z","published":"2024-01-12T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51790.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51790.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51790"},{"type":"REPORT","url":"https://github.com/Piwigo/AdminTools/issues/21"},{"type":"REPORT","url":"https://github.com/Piwigo/Piwigo/issues/2069"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piwigo/piwigo","events":[{"introduced":"0"},{"last_affected":"dae778545a4dde88d786f47b0a917dcd26636313"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"14.0.0"}],"cpe":"cpe:2.3:a:piwigo:piwigo:14.0.0:*:*:*:*:*:*:*"}}],"versions":["14.0.0","14.0.0RC2","14.0.0RC1","14.0.0beta3","14.0.0beta2","14.0.0beta1","13.0.0RC4","13.0.0RC3","13.0.0RC2","13.0.0RC1","13.0.0beta2","13.0.0beta1","12.0.0RC2","12.0.0RC1","12.0.0beta2","12.0.0beta1","2.11.0beta4","2.11.0beta3","2.11.0beta2","2.11.0beta1","2.10.0RC1","2.10.0beta2","2.10.0beta1","2.9.0RC2","2.9.0RC1","2.9.0beta2","2.9.0beta1","2.8.0RC2","2.8.0RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51790.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}