Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lycheeorg lychee 3.2.16 |