Cross site scripting

2018-03-1617:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
coppermine_photo_galleryge1.6.0
coppermine_photo_gallerylt1.6.01
coppermine_photo_gallerylt1.5.28

Name	Operator	Version
coppermine_photo_gallery	ge	1.6.0
coppermine_photo_gallery	lt	1.6.01
coppermine_photo_gallery	lt	1.5.28

References

forum.coppermine-gallery.net/index.php/topic%2C77376.0.html

seclists.org/oss-sec/2014/q2/608

seclists.org/oss-sec/2014/q2/620

sourceforge.net/p/coppermine/code/8674

www.securityfocus.com/bid/68140

sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt

sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt