Piwigo · Piwigo · CVE-2020-9467
**Name of the Vulnerable Software and Affected Versions**
Piwigo version 2.10.1
**Description**
Piwigo 2.10.1 is affected by stored cross-site scripting (XSS) through the `file` parameter of a request to "/ws.php". The issue is caused by the `pwg.images.setInfo` function.
**Recommendations**
For Piwigo version 2.10.1, consider disabling the `pwg.images.setInfo` function as a temporary workaround until a patch is available. Restrict access to the "/ws.php" endpoint to minimize the risk of exploitation. Avoid using the `file` parameter in the affected API endpoint until the issue is resolved.
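
One way to apply the three workarounds above in a single place, as an added example that is not Piwigo code: a PHP guard loaded before `ws.php` runs. It assumes PHP 7.1 or later and that the API method name arrives in a `method` query or form parameter; `ws_guard_decide`, the two constants and the allow-listed addresses are hypothetical names and placeholder values.

```php
<?php
// ws_guard.php: added example, not Piwigo code. Load it ahead of ws.php,
// for instance through PHP's auto_prepend_file directive.

// Assumption: addresses allowed to reach /ws.php (placeholder values).
const WS_ALLOWED_CLIENTS = ['127.0.0.1', '::1', '192.0.2.10'];
// true: refuse pwg.images.setInfo outright; false: refuse it only with `file`.
const WS_DISABLE_SETINFO = true;

/**
 * Decide whether a request may reach /ws.php. Returns [allowed, reason].
 * Assumes the method name is sent in a `method` query or form parameter.
 */
function ws_guard_decide(string $script, string $client, array $get, array $post): array
{
    if (basename($script) !== 'ws.php') {
        return [true, 'not the web service endpoint'];
    }
    if (!in_array($client, WS_ALLOWED_CLIENTS, true)) {
        return [false, 'client is not on the /ws.php allow list'];
    }
    foreach ([$get, $post] as $params) {
        $method = $params['method'] ?? '';
        if (!is_string($method)) {
            return [false, 'malformed method parameter'];
        }
        if (strcasecmp(trim($method), 'pwg.images.setInfo') !== 0) {
            continue;
        }
        if (WS_DISABLE_SETINFO) {
            return [false, 'pwg.images.setInfo is disabled'];
        }
        if (array_key_exists('file', $get) || array_key_exists('file', $post)) {
            return [false, 'file parameter refused for pwg.images.setInfo'];
        }
    }
    return [true, 'ok'];
}

// Enforce only under a web server; on the command line the file just defines the function.
if (PHP_SAPI !== 'cli') {
    [$allowed, $reason] = ws_guard_decide(
        $_SERVER['SCRIPT_NAME'] ?? '', $_SERVER['REMOTE_ADDR'] ?? '', $_GET, $_POST);
    if (!$allowed) {
        error_log('ws_guard blocked request: ' . $reason);
        http_response_code(403);
        exit('Forbidden');
    }
}
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's own address, so the allow list belongs on the proxy in that setup.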