Vulnerability Name:

CVE-2008-0505 (CCN-40055)

Assigned:2008-01-29
Published:2008-01-29
Updated:2018-10-15
Summary:Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Coppermine Photo Gallery Web site
Coppermine Photo Gallery

Source: CCN
Type: Coppermine Forum, Janauary 29, 2008, 08:35:42 AM
Maintenance release cpg1.4.15 (security-related) - upgrade mandatory

Source: CONFIRM
Type: Patch
http://coppermine-gallery.net/forum/index.php?topic=50103.0

Source: MITRE
Type: CNA
CVE-2008-0505

Source: CCN
Type: SA28682
Coppermine Photo Gallery Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28682

Source: CCN
Type: SECTRACK ID: 1019285
Coppermine Photo Gallery Bugs Permit Cross-Site Scripting and SQL Injection Attacks

Source: CCN
Type: OSVDB ID: 41677
Coppermine Photo Gallery docs/showdoc.php Multiple Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

Source: BID
Type: Patch
27511

Source: CCN
Type: BID-27511
Coppermine Photo Gallery 'showdoc.php' Multiple Cross-Site Scripting Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019285

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0367

Source: MISC
Type: UNKNOWN
http://www.waraxe.us/advisory-66.html

Source: XF
Type: UNKNOWN
copperminephoto-showdoc-xss(40055)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:* (Version <= 1.4.14)

    • * Denotes that component is vulnerable
    BACK
    coppermine coppermine photo gallery 1.4.10
    coppermine coppermine photo gallery 1.4.11
    coppermine coppermine photo gallery 1.4.12
    coppermine coppermine photo gallery 1.4.13
    coppermine coppermine photo gallery *