Piwigo · Piwigo · CVE-2016-10083
**Name of the Vulnerable Software and Affected Versions**
Piwigo versions prior to 2.8.4
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case in admin/plugin.php.
**Recommendations**
For versions prior to 2.8.4, update to version 2.8.4 or later to resolve the issue.