2 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html http://seclists.org/oss-sec/2014/q2/608 http://seclists.org/oss-sec/2014/q2/620 http://sourceforge.net/p/coppermine/code/8674 http://www.securityfocus.com/bid/68140 https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. Múltiples vulnerabilidades de XSS en install_classic.php en Coppermine Photo Gallery (CPG) 1.5.36, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix o (9) impath. • http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •