CVE-2020-22148

Name of the Vulnerable Software and Affected Versions Piwigo version 2.10.1

Description A stored cross site scripting (XSS) issue in the "/admin.php?page=tags" endpoint allows attackers to execute arbitrary web scripts or HTML. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Piwigo version 2.10.1, consider disabling access to the "/admin.php?page=tags" endpoint until a fix is available. Restricting the use of the page and tags parameters in this endpoint can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.