CVE-2017-17826

Name of the Vulnerable Software and Affected Versions Piwigo version 2.9.2

Description The issue affects the Configuration component, where a Persistent Cross Site Scripting vulnerability exists via the gallery title parameter in an "admin.php?page=configuration&section=main" request. This can be exploited by an attacker to hijack a client's browser and access the data stored in it.

Recommendations For Piwigo version 2.9.2, avoid using the gallery title parameter in the affected admin.php request until the issue is resolved. As a temporary workaround, consider restricting access to the Configuration component to minimize the risk of exploitation.