Cross-Site Scripting in Coppermine Photo Gallery by Coppermine
CVE-2018-14478

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 7 May 2019

What is CVE-2018-14478?

A cross-site scripting vulnerability has been identified in Coppermine Photo Gallery version 1.5.46, specifically within the ecard.php file. Attackers can exploit it through user-supplied input in the sender_name, recipient_email, greetings, or recipient_name parameters. Exploitation can lead to the execution of arbitrary scripts in the context of the user's session, potentially allowing data theft and session hijacking. To mitigate the risk, it is advisable to sanitize user inputs and implement proper security measures.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
