Bluetower

**Name of the Vulnerable Software and Affected Versions** Piwigo version 2.8.3 **Description** A cross-site scripting (XSS) issue exists in the search results front end, allowing remote attackers to inject arbitrary web script or HTML via the `search` parameter. This can lead to the execution of malicious code on the client-side. **Recommendations** For Piwigo version 2.8.3, as a temporary workaround, consider restricting access to the search functionality until a patch is available. Avoid using the `search` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.