Page 2 of 26 results (0.003 seconds)

CVSS: 3.5EPSS: 0%CPEs: 59EXPL: 6

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en edit_one_pic.php en Coppermine Photo Gallery antes de v1.5.20, permite a usuarios autenticados remotamente con ciertos privilegios, inyectar secuencias de comandos web o HTML a través del parámetro keywords. • https://www.exploit-db.com/exploits/18680 http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html http://osvdb.org/80731 http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html http://secunia.com/advisories/48643 http://www.exploit-db.com/exploits/18680 http& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=347287 http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html http://sourceforge.net/news/?group_id=89658 http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 6%CPEs: 57EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) h y (2) t de help.php, o el parámetro (3) picfile_XXX de searchnew.php. • https://www.exploit-db.com/exploits/35156 https://www.exploit-db.com/exploits/35157 http://secunia.com/advisories/42751 http://www.osvdb.org/70173 http://www.osvdb.org/70174 http://www.securityfocus.com/archive/1/515479/100/0/threaded http://www.securityfocus.com/bid/45600 http://www.waraxe.us/advisory-79.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 1

Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caracteres es utf-8, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de .. (punto punto) en la parte lang de series de datos en una cookie an_data. • https://www.exploit-db.com/exploits/6178 http://secunia.com/advisories/31295 http://securityreason.com/securityalert/4108 http://www.securityfocus.com/bid/30480 https://exchange.xforce.ibmcloud.com/vulnerabilities/44133 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •