Cross Site Scripting (XSS) Vulnerability in Lychee-v3 3.2.16's php/Access/Guest.php

Cross Site Scripting (XSS) Vulnerability in Lychee-v3 3.2.16's php/Access/Guest.php

CVE-2021-43675 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.

Learn more about our Cis Benchmark Audit For Print Devices.