Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.
Add your gear to cvedb and we'll alert you only when chevereto ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.