The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
6.1CVSS
5.9AI Score
0.003EPSS
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
9.8CVSS
9.8AI Score
0.031EPSS