Facetag Project Facetag — known CVE vulnerabilities
Every CVE whose affected-product data names Facetag Project Facetag, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-9426 — CVSS 9.8 (critical): ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags…
CVE-2017-9425 — CVSS 6.1 (medium): The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.