CVE-2015-5519

Name of the Vulnerable Software and Affected Versions WideImage version 11.02.19

Description A cross-site scripting (XSS) issue exists in the applyConvolution demo of WideImage, allowing remote attackers to inject arbitrary web script or HTML via the matrix parameter to "demo/index.php".

Recommendations For WideImage version 11.02.19, as a temporary workaround, consider restricting access to the demo/index.php endpoint until a patch is available. Avoid using the matrix parameter in the affected demo/index.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.