Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16040
http://www.waraxe.us/index.php?modname=sa&id=26