Hello/Hi/Greetings,
there is an XSS vulnerability in the osm-plugin. Its existence can easily be verified by calling this URI on an osm-enabled Piwigo instance; at least on mine it showed the pop-up:
<your-piwigo-domain>/index.php?zoom=</script><script>confirm(1)</script>
Piwigo is the latest 16.2 version with the latest plugin version.
I have opened this github-issue for this (no response, so far):
[Github] piwigo-openstreetmap issue #283
Further, I have created a PR to fix this vulnerability:
https://github.com/Piwigo/piwigo-openstreetmap/pull/284
I would be glad if this could be checked and then hopefully merged to make Piwigo a little safer place :)
Best
Jens
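The payload in the post (`</script><script>confirm(1)</script>`) is the classic shape for a reflected value that lands inside an inline `<script>` block: the HTML tokenizer ends a script element at the first `</script`, no matter whether the JavaScript parser is inside a string literal at that point, so quote escaping alone cannot stop the breakout. The following is an added example, not code from the plugin or from the linked PR; the template strings, the `renderVulnerable`/`renderHardened`/`renderHardenedString` functions and the default zoom of 12 are hypothetical. It models the vulnerable pattern, a hardened numeric version (the fix a zoom level actually needs), and a general JSON-based serializer for string parameters, and uses a small tokenizer-style splitter to show how a browser would carve up each output.

```javascript
// Added example (hypothetical template, not the osm plugin's code).

// Vulnerable pattern: a request parameter dropped into a JS string literal with
// only quote/backslash escaping. "</script>" passes through untouched.
function renderVulnerable(zoom) {
  const escaped = String(zoom).replace(/\\/g, '\\\\').replace(/'/g, "\\'");
  return `<script>var zoom = '${escaped}';</script><div id="map"></div>`;
}

// Hardened for a numeric parameter: validate the type and range, fall back to a
// (hypothetical) default, and emit a number, never raw request text.
function renderHardened(zoom) {
  const n = Number.parseInt(String(zoom), 10);
  const safeZoom = Number.isInteger(n) && n >= 0 && n <= 22 ? n : 12;
  return `<script>var zoom = ${JSON.stringify(safeZoom)};</script><div id="map"></div>`;
}

// General fix for a string parameter: JSON-encode, then escape "<", ">" and "&"
// as \uXXXX so the literal can never contain "</script" (or "<!--").
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

function renderHardenedString(value) {
  return `<script>var q = ${jsStringLiteral(value)};</script><div id="map"></div>`;
}

// Split HTML into script element bodies the way the HTML tokenizer does: once
// inside <script>, the body ends at the first "</script" followed by whitespace,
// "/" or ">", regardless of JavaScript string or comment context.
function scriptBodies(html) {
  const bodies = [];
  const open = /<script\b[^>]*>/gi;
  let m;
  while ((m = open.exec(html)) !== null) {
    const start = m.index + m[0].length;
    const close = /<\/script[\s/>]/gi;
    close.lastIndex = start;
    const c = close.exec(html);
    const end = c ? c.index : html.length;
    bodies.push(html.slice(start, end));
    open.lastIndex = end;
  }
  return bodies;
}

// Constructed input: the payload from the post, as it would arrive in ?zoom=
const payload = '</script><script>confirm(1)</script>';
console.log(scriptBodies(renderVulnerable(payload)));      // two script bodies, second is confirm(1)
console.log(scriptBodies(renderHardened(payload)));        // one script body, zoom falls back to 12
console.log(scriptBodies(renderHardenedString(payload)));  // one script body, payload is inert text
```

The splitter is deliberately minimal (no handling of `<!--` inside script data), but it is enough to show the point that matters for review: any fix that only escapes quotes, or only runs `htmlspecialchars` on output that is not in an HTML text context, still leaves `</script>` reachable. Validating the parameter as a number, or JSON-encoding with `<`, `>` and `&` escaped, removes the breakout in both cases.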