Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
Published February 10, 2020.
Piwigo Piwigo