Description

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.

Remediation

References

CVE-2015-6528

Related Vulnerabilities

Oracle Database Server CVE-2014-6455 Vulnerability (CVE-2014-6455)

Oracle JRE CVE-2012-1531 Vulnerability (CVE-2012-1531)

WordPress Plugin Relevant-Related Posts by BestWebSoft Cross-Site Scripting (1.1.9)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0217)

WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361)

Severity

Medium

Classification

CVE-2015-6528

Tags

Missing Update Known Vulnerabilities