CVE-2009-1616

Coppermine Photo Gallery - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gerendi Sandor Attila · textwebappsphp

https://www.exploit-db.com/exploits/32963

View Code ZIP pw:eip

References (5)

[Various Sources] http://forum.coppermine-gallery.net/index.php/topic%2C59237.0.html

[Various Sources] http://forum.coppermine-gallery.net/index.php/topic%2C59247.0.html

[Third Party Advisory, VDB Entry] http://osvdb.org/54145

[Vendor Advisory] http://secunia.com/advisories/34961

[Exploit] http://www.securityfocus.com/bid/34782

Scores

EPSS 0.0130

EPSS Percentile 79.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

coppermine/coppermine_photo_gallery

n/a/n/a

Timeline

Published May 11, 2009

Tracked Since Feb 18, 2026