[VIM] BID 48170 Confusion

George A. Theall theall at tenable.com
Wed Jun 8 20:14:56 CDT 2011


I'm confused by BID 48170.  The discussion says there's an unspecified  
XSS vulnerability in Coppermine Photo Gallery and that versions before  
1.4.27 and 1.5.12 are affected.

The 1.4.27 release announcement referenced in the BID shows it was
published on May 20th, 2010 and credits Ilja van Sprundel for
discovering the vulnerability.

The 1.5.12 release announcement referenced in the BID shows it was
published on January 2nd, 2011 and credits Janek Vind.

Are these really referring to the same issue? Rob?

Also for what it's worth, BID 45600 concerns a set of XSS  
vulnerabilities reported by Janek Vind at the very end of 2010 in  
Coppermine 1.5.10.  SecurityFocus doesn't have any info on a fix, but  
Secunia in SA42751 reports the issues were addressed in 1.5.12.

George
-- 
theall at tenablesecurity.com




