Wideimage · Wideimage · CVE-2015-5519
**Name of the Vulnerable Software and Affected Versions**
WideImage version 11.02.19
**Description**
A cross-site scripting (XSS) issue exists in the applyConvolution demo of WideImage, allowing remote attackers to inject arbitrary web script or HTML via the `matrix` parameter to "demo/index.php".
**Recommendations**
For WideImage version 11.02.19, as a temporary workaround, consider restricting access to the demo/index.php endpoint until a patch is available. Avoid using the `matrix` parameter in the affected demo/index.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.