FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1613

This CVE name corresponds to:

Entered Topic
2012-08-30 coppermine -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-1613
Phase Assigned(20120312)

Description

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

References

Source Reference
BUGTRAQ 20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
EXPLOIT-DB 18680
MLIST [oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
MLIST [oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
MLIST [oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081
MISC http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html
MISC http://www.waraxe.us/advisory-81.html
CONFIRM http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354
CONFIRM http://forum.coppermine-gallery.net/index.php/topic,74682.0.html
BID 52818
OSVDB 80731
SECUNIA 48643