Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://www.securityfocus.com/bid/68140
http://seclists.org/oss-sec/2014/q2/620
http://seclists.org/oss-sec/2014/q2/608
https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt
https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt
http://sourceforge.net/p/coppermine/code/8674
http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html
Source: Mitre, NVD
Published: 2018-03-16
Updated: 2024-11-21
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.0054