CVE-2021-43675

Name of the Vulnerable Software and Affected Versions: Lychee-v3 version 3.2.16

Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the php/Access/Guest.php file. The exit function will terminate the script and print a message to the user, which contains the albumID variable controlled by the user.

Recommendations: For Lychee-v3 version 3.2.16, consider restricting access to the php/Access/Guest.php file until a patch is available. As a temporary workaround, avoid using the albumID variable in the affected script to minimize the risk of exploitation.