Whiteshark2K

**Name of the Vulnerable Software and Affected Versions** Piwigo version 14.5.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) that can be exploited via the Edit album function. This allows an attacker to perform unintended actions on the application. **Recommendations** For Piwigo version 14.5.0, consider disabling the Edit album function until a patch is available to prevent potential exploitation. Restrict access to this function to minimize the risk of CSRF attacks.

**Name of the Vulnerable Software and Affected Versions** ModStartCMS version 8.8.0 **Description** The issue allows attackers to redirect users to an arbitrary website via a crafted URL, exploiting an open redirect vulnerability in the `redirect` parameter at the "/admin/login" API endpoint. **Recommendations** For ModStartCMS version 8.8.0, consider disabling the `redirect` parameter in the "/admin/login" API endpoint until a patch is available. Restrict access to the "/admin/login" endpoint to minimize the risk of exploitation. Avoid using the `redirect` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Piwigo version 14.5.0 **Description** The issue is an authenticated cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary web scripts or HTML. This is achieved by injecting a crafted payload into the `Album Name` parameter under the Add Album function. **Recommendations** For Piwigo version 14.5.0, consider restricting access to the Add Album function until a patch is available. As a temporary workaround, avoid using the `Album Name` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.