[VIM] BID 48170 Confusion
George A. Theall
theall at tenable.com
Wed Jun 8 20:14:56 CDT 2011

I'm confused by BID 48170. The discussion says there's an unspecified
XSS vulnerability in Coppermine Photo Gallery and that versions before
1.4.27 and 1.5.12 are affected.

The 1.4.27 release announcement referenced in the BID shows it was
published on May 20th, 2010 and credits Ilja van Sprundel for
discovering the vulnerability.

The 1.5.12 release announcement referenced in the BID shows it was
published on January 2nd, 2011 and credits Janek Vind.

Are these really referring to the same issue? Rob?

Also for what it's worth, BID 45600 concerns a set of XSS
vulnerabilities reported by Janek Vind at the very end of 2010 in
Coppermine 1.5.10. SecurityFocus doesn't have any info on a fix, but
Secunia in SA42751 reports the issues were addressed in 1.5.12.

theall at tenablesecurity.com