Coppermine.Photo.Gallery.XSS

description-logoDescription

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG).
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to inject arbitrary web script or HTML.

affected-products-logoAffected Products

Coppermine Photo Gallery 1.4.12
Coppermine Photo Gallery 1.4.11
Coppermine Photo Gallery 1.4.10
Coppermine Photo Gallery 1.4.9
Coppermine Photo Gallery 1.4.4
Coppermine Photo Gallery 1.4.2
Coppermine Photo Gallery 1.4

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to Coppermine Photo Gallery (CPG) 1.4.13:
http://downloads.sourceforge.net/coppermine/cpg1.4.13.zip

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)