Hello/Hi/Greetings,
there is an XSS vulnerability in the osm-plugin. Its existence can easily be verified by calling this URI on an osm-enabled piwigo instance - at least at mine it showed the pop-up:
<your-piwigo-domain>/index.php?zoom=</script><script>confirm(1)</script>
Piwigo is latest 16.2 version with latest plugin version.
I have opened this GitHub issue for this (no response so far):
[Github] piwigo-openstreetmap issue #283
Further, I have created a PR to fix this vulnerability:
https://github.com/Piwigo/piwigo-openstreetmap/pull/284
I would be glad if this could be checked and then hopefully merged to make Piwigo a little safer place :)
Best
Jens
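The report above gives only the proof-of-concept URI. The following is an added example, not code from the piwigo-openstreetmap plugin or from the reporter's PR, showing the class of bug the `</script>` prefix of the payload points at and the fix a reviewer would expect. It assumes (hypothetically; the plugin's real code is not shown here) that the `zoom` query parameter is interpolated into an inline `<script>` block. All function names are made up for the illustration, and `POC_ZOOM` is the payload copied from the report.

```python
import json
import re

# Payload from the report (constructed test input): the value of the `zoom` query parameter.
POC_ZOOM = '</script><script>confirm(1)</script>'

SCRIPT_OPEN = re.compile(r'<script', re.IGNORECASE)
SCRIPT_CLOSE = re.compile(r'</script', re.IGNORECASE)


def render_vulnerable(zoom: str) -> str:
    """Hypothetical vulnerable pattern: the raw parameter is dropped into an
    inline script.  The HTML parser ends a script element at the first
    `</script`, regardless of JavaScript string syntax, so a value that starts
    with `</script>` closes the element and the rest is parsed as new HTML."""
    return f'<script>var zoom = "{zoom}";</script>'


def js_literal(value) -> str:
    """General fix for data embedded in a <script> body: JSON-encode it and
    additionally escape `<`, `>` and `&` as \\uXXXX sequences, so the emitted
    bytes can never contain `</script` or `<!--`.  JSON escapes are valid
    JavaScript, so the value round-trips unchanged in the browser."""
    return (json.dumps(value)
            .replace('<', '\\u003c')
            .replace('>', '\\u003e')
            .replace('&', '\\u0026'))


def render_hardened(zoom: str) -> str:
    """Fix specific to this parameter: a map zoom level is a small integer, so
    validate against that value space first (assumed default 12, assumed
    OSM range 0..19) and emit a numeric literal.  Invalid input never reaches
    the page at all."""
    try:
        level = int(zoom)
    except (TypeError, ValueError):
        level = 12
    level = max(0, min(level, 19))
    return f'<script>var zoom = {js_literal(level)};</script>'


def render_hardened_string(value: str) -> str:
    """Fix for parameters that genuinely have to stay free-form strings:
    rely on js_literal() rather than on quoting alone."""
    return f'<script>var label = {js_literal(value)};</script>'


def breaks_out_of_script(markup: str) -> bool:
    """Check a practitioner can run over rendered output: we intended exactly
    one script element, so any extra `<script` start or `</script` end means
    the parameter escaped its context."""
    return len(SCRIPT_OPEN.findall(markup)) != 1 or len(SCRIPT_CLOSE.findall(markup)) != 1


if __name__ == '__main__':
    print(render_vulnerable(POC_ZOOM), breaks_out_of_script(render_vulnerable(POC_ZOOM)))
    print(render_hardened(POC_ZOOM), breaks_out_of_script(render_hardened(POC_ZOOM)))
    print(render_hardened_string(POC_ZOOM), breaks_out_of_script(render_hardened_string(POC_ZOOM)))
```

The point of `js_literal` is that HTML-escaping (`htmlspecialchars` and friends) is the wrong tool inside a script element: the browser does not decode entities there, so `&lt;` would reach JavaScript literally, while a plain `</script>` is still honoured by the HTML parser even inside a quoted JS string. Validating `zoom` as an integer is the stronger fix for this particular parameter; the `\u003c` escaping is the fallback for values that must remain strings.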
Unfortunately, no response here nor on github.com for the already provided PR.
So, this is a short *bump*
No one?
I mean, Piwigo got a new release, fixing security issues. Good.
But plugins - nobody cares??
Hi gmanic,
As I mentioned in the github issue, please don't think we ignore community participation. We take security issues very seriously.
We are very grateful for your participation, your PR has been merged and a new version of the plugin published.
Thank you for your contribution to Piwigo