AI Score
Confidence
High
EPSS
Percentile
39.1%
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
github.com/LycheeOrg/Lychee
github.com/LycheeOrg/Lychee-v3
github.com/LycheeOrg/LycheeOrg.github.io/blob/master/docs/releases.md#v3216