Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21772
HistoryMay 04, 2009 - 12:00 a.m.

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

2009-05-0400:00:00
vulners.com
36
JSON

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Advisory: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can
be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Example:

http://somehost/docs/showdoc.php?css=1>">alert(123)%3B

The vendor already released a security release which fixes the issue, read at:
http://forum.coppermine-gallery.net/index.php/topic,59247.0.html
(cpg1.4.22 Security release - upgrade mandatory)

JSON