CVE-2018-7724

Name of the Vulnerable Software and Affected Versions: Piwigo version 2.9.3

Description: The issue concerns a stored XSS in the management panel, specifically via the name parameter in a "/admin.php?page=photo-${photo number}" request. There is a potential for CSRF exploitation.

Recommendations: For Piwigo version 2.9.3, consider restricting access to the management panel to minimize the risk of exploitation. Avoid using the name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.