Description
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Remediation
References