CVE-2005-2676 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

Affected Software

Name	Vendor	Start Version	End Version
Coppermine_photo_gallery	Coppermine	1.0_rc3 (including)	1.0_rc3 (including)
Coppermine_photo_gallery	Coppermine	1.1_.0 (including)	1.1_.0 (including)
Coppermine_photo_gallery	Coppermine	1.1_beta_2 (including)	1.1_beta_2 (including)
Coppermine_photo_gallery	Coppermine	1.2 (including)	1.2 (including)
Coppermine_photo_gallery	Coppermine	1.2.1 (including)	1.2.1 (including)
Coppermine_photo_gallery	Coppermine	1.2.2_b (including)	1.2.2_b (including)
Coppermine_photo_gallery	Coppermine	1.3 (including)	1.3 (including)
Coppermine_photo_gallery	Coppermine	1.3.2 (including)	1.3.2 (including)
Coppermine_photo_gallery	Coppermine	1.3.3 (including)	1.3.3 (including)

References

http://coppermine-gallery.net/forum/index.php?topic=20933.0
http://secunia.com/advisories/16499
http://securitytracker.com/id?1014799
http://www.securityfocus.com/bid/14625
http://coppermine-gallery.net/forum/index.php?topic=20933.0
http://secunia.com/advisories/16499
http://securitytracker.com/id?1014799
http://www.securityfocus.com/bid/14625

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2676
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html