Cross-Site Scripting Vulnerability in Coppermine Photo Gallery
CVE-2014-4612

6.1MEDIUM

Key Information:

Vendor

Coppermine-gallery

Status
Coppermine Photo Gallery
Vendor
CVE Published:
16 March 2018

What is CVE-2014-4612?

The vulnerability in the keywords manager of Coppermine Photo Gallery allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors. This could lead to malicious activities such as session hijacking, affecting both users and administrators of the gallery. Users of versions prior to 1.5.27 and 1.6.x prior to 1.6.01 are encouraged to upgrade to secure their installations against potential exploitation.

References

http://www.securityfocus.com/bid/68140
vdb-entryx_refsource_BID
http://seclists.org/oss-sec/2014/q2/608
mailing-listx_refsource_MLIST
http://seclists.org/oss-sec/2014/q2/620
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2014-4612 : Cross-Site Scripting Vulnerability in Coppermine Photo Gallery