Thursday, April 30, 2009

Coppermine Photo Gallery v.1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product Homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Example:
http://somehost/docs/showdoc.php?css=1>">alert(123)%3B


Status:
1. Contacted the author on April 29, 2009.
2. The vendor responded promptly (on April 30, 2009) releasing a security release which fixes the issue, read at:
cpg1.4.22 Security release - upgrade mandatory

No comments:

Post a Comment