CVE-2010-2715

Name of the Vulnerable Software and Affected Versions TCW PHP Album version 1.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the album parameter in the photos/index.php file.

Recommendations For TCW PHP Album version 1.0, consider validating and sanitizing user input for the album parameter to prevent XSS attacks. As a temporary workaround, restrict access to the photos/index.php file until a proper fix is applied.