Description
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
Remediation
References
Related Vulnerabilities
WordPress Plugin Security & Malware scan by CleanTalk Security Bypass (2.50)
WordPress Plugin File Manager Advanced Shortcode Arbitrary File Upload (2.5.3)
WordPress Plugin Images Slideshow by 2J-Image Slider Security Bypass (1.3.31)
WordPress Plugin Crelly Slider Multiple Unspecified Vulnerabilities (1.1.1)
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.1)