Psych0

Researcher from Moroccan Security
#21942 of 53,622
10.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2006-3358
5.8
2006-05-16
Gphotos · Gphotos · CVE-2006-2397
**Name of the Vulnerable Software and Affected Versions**

GPhotos versions 1.5 and earlier

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the `rep` parameter to "index.php" or "diapo.php", or the `image` parameter to "affich.php".

**Recommendations**

For GPhotos versions 1.5 and earlier, consider disabling access to the "index.php", "diapo.php", and "affich.php" scripts until a fix is available. Avoid using the `rep` and `image` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-3359
5.0
2006-05-16
Gphotos · Gphotos · CVE-2006-2398
**Name of the Vulnerable Software and Affected Versions**

GPhotos versions 1.5 and earlier

**Description**

A directory traversal issue in index.php allows remote attackers to read arbitrary files by including a .. (dot dot) in the `rep` parameter.

**Recommendations**

For GPhotos versions 1.5 and earlier, update to a version later than 1.5 to resolve the issue.