CVE-2015-2034

Name of the Vulnerable Software and Affected Versions Piwigo versions prior to 2.7.4

Description A cross-site scripting (XSS) issue exists in the administrative backend, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the page parameter to admin.php.

Recommendations For versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative backend to minimize the risk of exploitation. Avoid using the page parameter in the admin.php endpoint until the issue is resolved.