CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4612
https://notcve.org/view.php?id=CVE-2014-4612
16 Mar 2018 — Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores n... • http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3921 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3921
21 May 2015 — Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro referer. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enu... • https://packetstorm.news/files/id/132004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3922 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3922
21 May 2015 — Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter. Vulnerabilidad de la redirección abierta en mode.php en Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro referer. Coppermine Gallery version 1.5.34 suffers from cr... • https://packetstorm.news/files/id/132004 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-3923 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3923
21 May 2015 — Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos enumerar directorios a través de una ruta completa en el parámetro folder en minibrowser.php. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • https://packetstorm.news/files/id/132004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 1%CPEs: 59EXPL: 6CVE-2012-1613 – coppermine 1.5.18 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1613
04 Sep 2012 — Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en edit_one_pic.php en Coppermine Photo Gallery antes de v1.5.20, permite a usuarios autenticados remotamente con ciertos privilegios, inyectar secuencias de comandos web o HTML a través del parámetro keyw... • https://www.exploit-db.com/exploits/18680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 19%CPEs: 61EXPL: 10CVE-2012-1614 – coppermine 1.5.18 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1614
04 Sep 2012 — Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. Coppermine Photo Gallery anterior a v1.5.20 permite a atacantes remotos obtener información sensible a través de ... • https://www.exploit-db.com/exploits/18680 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2011-2476
https://notcve.org/view.php?id=CVE-2011-2476
14 Jun 2011 — Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.5.12 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente de CVE-2010-4667 • http://forum.coppermine-gallery.net/index.php/topic%2C69495.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 49EXPL: 0CVE-2010-4667
https://notcve.org/view.php?id=CVE-2010-4667
14 Jun 2011 — Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery (CPG), antes de v1.4.27 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=347287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 5CVE-2010-4693 – Coppermine Photo Gallery 1.5.10 - 'help.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4693
11 Jan 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. Múltiples vulnerabilidades de de secuencias de comandos en sitios cruzados (XSS) en Coppermine Photo Gallery 1.5.10 y versiones anteriores. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de los parámetros (... • https://www.exploit-db.com/exploits/35156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 31EXPL: 1CVE-2008-3486 – Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-3486
06 Aug 2008 — Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. Vulnerabilidad de salto de directorio en la función user_get_profile de include/functions.inc.php en Coppermine Photo Gallery (CPG) 1.4.18 y versiones anteriores, cuando el conjunto de caract... • https://www.exploit-db.com/exploits/6178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •