Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coppermine-Gallery | Coppermine Photo Gallery | 1.5.36 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-CrosExploit
- http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-CrosExploit
FAQ
What is CVE-2015-6528?
CVE-2015-6528 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_user...
How severe is CVE-2015-6528?
CVE-2015-6528 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6528?
Check the references section above for vendor advisories and patch information. Affected products include: Coppermine-Gallery Coppermine Photo Gallery.