Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
piwigo piwigo 2.10.1