CVE-2018-14478 – Coppermine 1.5.46 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14478
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. Coppermine version 1.5.46 suffers from multiple cross-site scripting vulnerabilities.
• http://forum.coppermine-gallery.net/index.php/board%2C58.0.html
• http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4612
https://notcve.org/view.php?id=CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html
• http://seclists.org/oss-sec/2014/q2/608
• http://seclists.org/oss-sec/2014/q2/620
• http://sourceforge.net/p/coppermine/code/8674
• http://www.securityfocus.com/bid/68140
• https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt
• https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17869 – mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
• https://cxsecurity.com/issue/WLB-2017120183
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10940 – ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
• http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection
• https://wordpress.org/plugins/zm-gallery/#developers
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000153 – Tidio Gallery <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000153
Reflected XSS in the WordPress plugin tidio-gallery v1.1 via the galleryId parameter.
• http://www.securityfocus.com/bid/93543
• http://www.vapidlabs.com/wp/wp_advisory.php?v=427
• https://wordpress.org/plugins/tidio-gallery
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')