Description
Piwigo 2.10.1 has a stored XSS vulnerability via the file parameter in a /ws.php request, caused by the pwg.images.setInfo function.
Remediation
References
Related Vulnerabilities
qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)
WordPress Plugin Olevmedia Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.1.9)
WordPress Plugin Phoenix Media Rename Security Bypass (3.4.2)
phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5227)