[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46

To: Daniel Bishtawi <daniel@xxxxxxxxxxxxxx>
Subject: Re: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
From: Henri Salo <henri@xxxxxxx>
Date: Sat, 26 Jan 2019 13:16:45 +0200

On Wed, Jan 23, 2019 at 01:10:08PM +0100, Daniel Bishtawi wrote:
> We are glad to inform you about the vulnerabilities we reported in
> Coppermine 1.5.46.
> 
> Status: Fixed
> CVE-ID: 2018-14478
> https://www.netsparker.com/web-applications-advisories/ns-18-050-cross-site-scripting-in-coppermine/

Fixed in 1.5.48. Vendor advisory: 
http://forum.coppermine-gallery.net/index.php/topic,79577.0.html

You might want to repeat your security testing on modified parts of the
application.

-- 
Henri Salo

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
  - From: Daniel Bishtawi

Prev by Date: [FD] APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
Previous by thread: [FD] Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
Next by thread: [FD] Stored Cross-site Scripting Vulnerability in Podcast Generator 2.7
Index(es):
- Date
- Thread