CVE-2007-5888

Coppermine Photo Gallery <1.4.14 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.

References (5)

[Patch] http://coppermine-gallery.net/forum/index.php?topic=48106.0

[Patch, Vendor Advisory] http://secunia.com/advisories/27534

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26357

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38290

[Third Party Advisory, VDB Entry] http://osvdb.org/38420

Scores

EPSS 0.0035

EPSS Percentile 57.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

coppermine/coppermine_photo_gallery < 1.4.13

Timeline

Published Nov 07, 2007

Tracked Since Feb 18, 2026