CVE-2017-17825

Name of the Vulnerable Software and Affected Versions Piwigo version 2.9.2

Description The issue concerns a Persistent Cross Site Scripting vulnerability in the Batch Manager component. This can be exploited via the tags-* array parameters in an "admin.php?page=batch manager&mode=unit" request. An attacker can potentially hijack a client's browser and access the data stored in it.

Recommendations For Piwigo version 2.9.2, consider restricting access to the Batch Manager component until a fix is available. As a temporary workaround, avoid using the tags-* array parameters in the "admin.php?page=batch manager&mode=unit" request to minimize the risk of exploitation.