The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF.
'"><script>alert("test");</script> 2018-01-17 (about 5 years ago)
2018-01-22 (about 5 years ago)
2020-09-22 (about 2 years ago)