Matuhno

**Name of the Vulnerable Software and Affected Versions** Piwigo version 2.10.1 **Description** A stored cross site scripting (XSS) issue in the "/admin.php?page=tags" endpoint allows attackers to execute arbitrary web scripts or HTML. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Piwigo version 2.10.1, consider disabling access to the "/admin.php?page=tags" endpoint until a fix is available. Restricting the use of the `page` and `tags` parameters in this endpoint can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Piwigo version 2.10.1 **Description** A cross site scripting (XSS) issue in the "/admin.php?page=permalinks" endpoint of Piwigo allows attackers to execute arbitrary web scripts or HTML. This could potentially lead to unauthorized actions on the affected web application. **Recommendations** For Piwigo version 2.10.1, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.