Coppermine Photo Gallery version 1.4.21 suffers from a cross site scripting vulnerability in showdoc.php.
e8ae1c47613fdf78108be84ae6d6fa266aa0ce8946bbf057621ab48eff183bbfCoppermine Photo Gallery 1.4.21 Cross-Site Scripting
Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Advisory: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Severity: Medium
Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Example:
http://somehost/docs/showdoc.php?css=1>">alert(123)%3B
The vendor already released a security release which fixes the issue, read at: http://forum.coppermine-gallery.net/index.php/topic,59247.0.html
(cpg1.4.22 Security release - upgrade mandatory)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed