Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Coppermine Photo Gallery 1.4.21 Cross-Site Scripting
From: darkz.gsa@xxxxxxxxx
Date: 4 May 2009 09:31:26 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Coppermine Photo Gallery 1.4.21 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 29, 2009
Package: Coppermine Photo Gallery (cpg1.4.21)
Product homepage: http://coppermine-gallery.net/
Versions Affected: v.1.4.21 (older versions are also affected)
Advisory: 
http://gsasec.blogspot.com/2009/04/coppermine-photo-gallery-1421-cross.html
Severity: Medium

Input passed to the 'css' parameter from '/docs/showdoc.php' is not sanitized 
before it is returned to the user. This can be exploited to execute arbitrary 
HTML and script code in a user's browser session in context of an affected site.

Example:

http://somehost/docs/showdoc.php?css=1>">alert(123)%3B

The vendor already released a security release which fixes the issue, read at: 
http://forum.coppermine-gallery.net/index.php/topic,59247.0.html
(cpg1.4.22 Security release - upgrade mandatory)

Prev by Date: “Cross-Site Scripting” vulnerability in MyBB 1.4.5
Next by Date: Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows
Previous by thread: “Cross-Site Scripting” vulnerability in MyBB 1.4.5
Next by thread: Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows
Index(es):
- Date
- Thread