Page 3 of 19 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=347287 http://forum.coppermine-gallery.net/index.php/topic%2C65023.msg322935.html http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0

Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html http://sourceforge.net/news/?group_id=89658 http://www.openwall.com/lists/oss-security/2011/06/08/2 http://www.openwall.com/lists/oss-security/2011/06/08/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/68058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 6%CPEs: 57EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (1) h y (2) t de help.php, o el parámetro (3) picfile_XXX de searchnew.php. • https://www.exploit-db.com/exploits/35156 https://www.exploit-db.com/exploits/35157 http://secunia.com/advisories/42751 http://www.osvdb.org/70173 http://www.osvdb.org/70174 http://www.securityfocus.com/archive/1/515479/100/0/threaded http://www.securityfocus.com/bid/45600 http://www.waraxe.us/advisory-79.html https://exchange.xforce.ibmcloud.com/vulnerabilities/64344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504. Coppermine Photo Gallery (CPG) v1.4.14 no restringe el acceso a update.php, lo que permite a atacantes remotos obtener información sensible como el prefijo de la tabla de la base de datos a través de una petición directa. NOTA: esto podría ser aprovechado para ataques contra CVE-2008-0504. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message. Coppermine Photo Gallery (CPG) v1.4.14, permite a atacantes remoto obtener información sensible a través de una petición directa a include/slideshow.inc.php, filtrando el directorio de instalación en un mensaje de error. • http://www.securityfocus.com/archive/1/487351/100/200/threaded http://www.securitytracker.com/id?1019285 http://www.vupen.com/english/advisories/2008/0367 http://www.waraxe.us/advisory-66.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •