Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.