CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-4815
https://notcve.org/view.php?id=CVE-2010-4815
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. La galería Coppermine versiones anteriores a 1.4.26, presenta una vulnerabilidad de comprobación de entrada que permite una ejecución de código. • https://forum.coppermine-gallery.net/index.php/topic%2C63510.0.html https://seclists.org/oss-sec/2010/q1/121 https://www.openwall.com/lists/oss-security/2011/08/19/7 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14478 – Coppermine 1.5.46 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14478
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. ecard.php en Coppermine Photo Gallery (CPG) 1.5.46 tiene XSS a través del parámetro sender_name, recipient_email, greetings, o recipient_name. Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities. • http://forum.coppermine-gallery.net/index.php/board%2C58.0.html http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4612
https://notcve.org/view.php?id=CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html http://seclists.org/oss-sec/2014/q2/608 http://seclists.org/oss-sec/2014/q2/620 http://sourceforge.net/p/coppermine/code/8674 http://www.securityfocus.com/bid/68140 https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-6528
https://notcve.org/view.php?id=CVE-2015-6528
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. Múltiples vulnerabilidades de XSS en install_classic.php en Coppermine Photo Gallery (CPG) 1.5.36, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix o (9) impath. • http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3921 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3921
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro referer. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html http://www.securityfocus.com/bid/74872 http://www.securitytracker.com/id/1032558 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •