CVE-2017-5608

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 2.8.6

Description The issue is related to a cross-site scripting (XSS) vulnerability in the image upload function. This allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.

Recommendations For versions prior to 2.8.6, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting image uploads to trusted users until the update is applied.