Description
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Agent Storm by StormRETS Multiple Cross-Site Scripting Vulnerabilities (1.1.35)
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42130)
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)