Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue

AlphaOne Technology Support Forums

Welcome, Guest. Please login or register.
January 08, 2009, 07:51:38 PM

1733 Posts in 827 Topics by 5355 Members
Latest Member: J K Brown

Home

Help

Login

Register

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | Topic: Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue

0 Members and 0 Guests are viewing this topic.

« previous next »

Pages: [1]

Go Down

Print

Author

Topic: Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue (Read 811 times)

TJ

Tech Team
Hero Member

Offline

Offline

Posts: 136

Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue

« on: August 25, 2005, 02:09:05 PM »

* Technical Description *

A cross site scripting vulnerability was identified in Coppermine Photo Gallery, which may be exploited by attackers to inject malicious HTML code. This flaw is due to an input validation error in the "displayimage.php" script when displaying EXIF data, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

* Affected Products *

Coppermine Photo Gallery versions prior to 1.3.4

* Solution *

Upgrade to Coppermine Photo Gallery version 1.3.4 :
http://sourceforge.net/project/showfiles.php?group_id=89658

* References *

http://www.frsirt.com/english/advisories/2005/1491
http://coppermine-gallery.net/forum/index.php?topic=20933.0


	Logged

Pages: [1]

Go Up

Print

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | Topic: Coppermine Photo Gallery EXIF Data Cross Site Scripting Issue

« previous next »

Jump to:

AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved.