ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags...
9.8CVSS
9.8AI Score
0.031EPSS
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag...
6.1CVSS
5.9AI Score
0.003EPSS