CVE-2012-1613

Coppermine-gallery Coppermine Photo Gallery < 1.5.18 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/18680

View Code ZIP pw:eip

References (12)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html

[Patch] http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354

[Various Sources] http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html

[Third Party Advisory, VDB Entry] http://osvdb.org/80731

[Exploit] http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html

[Vendor Advisory] http://secunia.com/advisories/48643

[Exploit] http://www.openwall.com/lists/oss-security/2012/03/30/5

[Exploit] http://www.waraxe.us/advisory-81.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52818

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/18680

[Mailing List] http://www.openwall.com/lists/oss-security/2012/03/30/6

[Mailing List] http://www.openwall.com/lists/oss-security/2012/04/03/6

Scores

EPSS 0.0190

EPSS Percentile 83.0%

Classification

CWE

CWE-79

Status published

Affected Products (50)

coppermine-gallery/coppermine_photo_gallery < 1.5.18

coppermine-gallery/coppermine_photo_gallery

... and 35 more

Timeline

Published Sep 04, 2012

Tracked Since Feb 18, 2026