Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

2009-05-04T00:00:00
ID SECURITYVULNS:DOC:21772
Type securityvulns
Reporter Securityvulns
Modified 2009-05-04T00:00:00

Description

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila Date: April 29, 2009 Package: Coppermine Photo Gallery (cpg1.4.21) Product homepage: http://coppermine-gallery.net/ Versions Affected: v.1.4.21 (older versions are also affected) Advisory: http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Example:

http://somehost/docs/showdoc.php?css=1>">alert(123)%3B

The vendor already released a security release which fixes the issue, read at: http://forum.coppermine-gallery.net/index.php/topic,59247.0.html (cpg1.4.22 Security release - upgrade mandatory)