CVE-2015-3921

Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://forum.coppermine-gallery.net/index.php/topic%2C78194.0.html
http://packetstormsecurity.com/files/132004/Coppermine-Gallery-1.5.34-XSS-Open-Redirection.html
http://www.securityfocus.com/bid/74872
http://www.securitytracker.com/id/1032558

Configurations

Configuration 1 (hide)

cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-05-27 18:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-3921

Mitre link : CVE-2015-3921

CVE.ORG link : CVE-2015-3921

JSON object : View

Products Affected

coppermine-gallery

coppermine_photo_gallery

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

3.5 /10