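Vulnerability Details
Coppermine 'Displayimage.PHP' Cross-Site Scripting Vulnerability
Vulnerability Summary
The displayimage.php page in Coppermine Photo Gallery versions before 1.3.4 contains a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via EXIF data.
Vulnerability Announcement
The vendor has released an upgrade patch that fixes this security issue. Patch download links: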
Coppermine Photo Gallery 1.0 RC3
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.1 .0
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.1 beta 2
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.2
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.2.1
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.2.2 b
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.3
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.3.2
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
Coppermine Photo Gallery 1.3.3
Coppermine cpg1.3.4.zip
http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip
References
Source: BID
Name: 14625
Link: http://www.securityfocus.com/bid/14625
Source: coppermine-gallery.net
Link: http://coppermine-gallery.net/forum/index.php?topic=20933.0
Source: SECTRACK
Name: 1014799
Link: http://securitytracker.com/id?1014799
Source: SECUNIA
Name: 16499
Link: http://secunia.com/advisories/16499
Affected Entities
- Coppermine Coppermine_photo_gallery 1.0_rc3
- Coppermine Coppermine_photo_gallery 1.1_.0
- Coppermine Coppermine_photo_gallery 1.1_beta_2
- Coppermine Coppermine_photo_gallery 1.2
- Coppermine Coppermine_photo_gallery 1.2.1
Patch
None yet