Description

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.

Remediation

References

CVE-2015-6528

Related Vulnerabilities

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4041)

Microsoft SQL Server CVE-2023-23384 Vulnerability (CVE-2023-23384)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-0365)

WordPress Plugin WP GDPR Compliance Privilege Escalation (1.4.2)

Severity

Medium

Classification

CVE-2015-6528

Tags

Missing Update Known Vulnerabilities