CVE-2012-1613

Coppermine-gallery Coppermine Photo Gallery < 1.5.18 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/18680

View Code ZIP pw:eip

References (12)

Core 12

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-03/0167.html

Exploit x_refsource_misc

http://www.waraxe.us/advisory-81.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/80731

Exploit x_refsource_misc

http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18680

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48643

Patch x_refsource_confirm

http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52818

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/03/30/6

Various Sources x_refsource_confirm

http://forum.coppermine-gallery.net/index.php/topic%2C74682.0.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/03/6

Exploit mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/03/30/5

Scores

EPSS 0.0213

EPSS Percentile 84.4%

Details

CWE

CWE-79

Status published

Products (42)

coppermine-gallery/coppermine_photo_gallery 1.0 (2 CPE variants)

coppermine-gallery/coppermine_photo_gallery 1.1 (2 CPE variants)

coppermine-gallery/coppermine_photo_gallery 1.1.0

coppermine-gallery/coppermine_photo_gallery 1.2

coppermine-gallery/coppermine_photo_gallery 1.2.0 (2 CPE variants)

coppermine-gallery/coppermine_photo_gallery 1.2.1 (3 CPE variants)

coppermine-gallery/coppermine_photo_gallery 1.3.0

coppermine-gallery/coppermine_photo_gallery 1.3.1

coppermine-gallery/coppermine_photo_gallery 1.3.2

coppermine-gallery/coppermine_photo_gallery 1.3.3

... and 32 more

Published Sep 04, 2012

Tracked Since Feb 18, 2026