
Kouhei Morita

#43313 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2025-4863
6.1
2025-01-29
Unknown · Exif Viewer Classic · CVE-2025-23362
**Name of the Vulnerable Software and Affected Versions**
EXIF Viewer Classic versions 2.3.2 through 2.4.0

**Description**
The issue is caused by improper handling of EXIF meta data, leading to a cross-site scripting vulnerability. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser.

**Recommendations**
For versions 2.3.2 and 2.4.0, consider updating to a version newer than 2.4.0, as the product has been refactored and version 3.0.1 is not vulnerable. As a temporary workaround, consider disabling the rendering of EXIF meta data until a patch is available. Restrict access to the image rendering functionality to minimize the risk of exploitation. Avoid using the affected EXIF Viewer Classic versions to process crafted images until the issue is resolved.