CVE-2021-43683

Name of the Vulnerable Software and Affected Versions: pictshare version 1.5

Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the "api/info.php" endpoint. The exit function will terminate the script and print a message that includes the value of the hash variable from the $ REQUEST array. This suggests that an attacker could potentially inject malicious scripts by manipulating the hash parameter.

Recommendations: For pictshare version 1.5, consider disabling the "api/info.php" endpoint until a patch is available to prevent exploitation of the XSS vulnerability. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation. Avoid using the hash parameter in the affected API endpoint until the issue is resolved.