MEDIUM
Piwigo
CVE published 2017-01-28
CVE-2017-5608
CVE-2017-5608 is a cross-site scripting (XSS) issue in Piwigo’s image upload flow. According to the CVE record, versions before 2.8.6 could allow a remote attacker to inject arbitrary web script or HTML through a crafted image filename. The vulnerability is publicly documented in NVD and tied to a vendor fix in Piwigo 2.8.6.