Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

2009.05.05

Credit: Gerendi Sandor Attila

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

 Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Advisory: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Example:

http://somehost/docs/showdoc.php?css=1>">alert(123)%3B

The vendor already released a security release which fixes the issue, read at: http://forum.coppermine-gallery.net/index.php/topic,59247.0.html
(cpg1.4.22 Security release - upgrade mandatory)

References:

http://seclists.org/bugtraq/2009/May/0020.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.