Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18374
http://www.securityfocus.com/bid/11824
http://securitytracker.com/id?1012434