Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4977 — Cross-site Scripting in Photo Gallery

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

3.5LOWNVD

EPSS

0.9%

top 24.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery

Timeline

PublishedSep 19

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery7 versions+6

Patches

Patch: coppermine-gallery.net ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6rr9-c96h-w95q: Cross-site scripting (XSS) vulnerability in mode↗2022-05-01

▶

CVEList

CVE-2007-4977: Cross-site scripting (XSS) vulnerability in mode↗2007-09-19

▶

💥Exploits & PoCs

Exploit-DB

Coppermine Photo Gallery 1.4.12 - 'referer' Cross-Site Scripting↗2007-09-17

▶