Chevereto prior to 3.17.1 allows cross-site scripting (XSS) via an image title at the image upload stage.
chevereto chevereto