Description
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.
Remediation
References
Related Vulnerabilities
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1)
MySQL CVE-2013-1511 Vulnerability (CVE-2013-1511)
WordPress Plugin Product Addons & Fields for WooCommerce Arbitrary File Upload (1.1)
Apache HTTP Server Numeric Errors Vulnerability (CVE-2006-3747)