Description

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

Remediation

References

CVE-2010-4693

Related Vulnerabilities

WordPress Plugin NOSpamPTI SQL Injection (2.1)

WordPress Plugin Seatgeek Affiliate Tickets Cross-Site Scripting (1.0.2)

Oracle Application Server Other Vulnerability (CVE-2000-1236)

Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-37277)

Severity

Medium

Classification

CVE-2010-4693 CWE-707

Tags

Missing Update Known Vulnerabilities