Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1616 β€” Cross-site Scripting in Photo Gallery

CWE-79 β€” Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
1.3%
top 20.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Coppermine Photo Gallery
Timeline
PublishedMay 11
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-h42p-ggw4-pp97: Cross-site scripting (XSS) vulnerability in docs/showdoc↗2022-05-02
β–Ά
CVEList
CVE-2009-1616: Cross-site scripting (XSS) vulnerability in docs/showdoc↗2009-05-11
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Coppermine Photo Gallery 1.4.21 - 'css' Cross-Site Scripting↗2009-04-29
β–Ά
CVE-2009-1616 β€” Cross-site Scripting in Photo Gallery | cvebase