CVE-2014-4612

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt", "tags": ["Release Notes"], "refsource": "CONFIRM"}, {"url": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "name": "https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt", "tags": ["Release Notes"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/68140", "name": "68140", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://sourceforge.net/p/coppermine/code/8674", "name": "http://sourceforge.net/p/coppermine/code/8674", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/oss-sec/2014/q2/620", "name": "[oss-security] 20140624 Re: CVE request: XSS in coppermine gallery before 1.5.28", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://seclists.org/oss-sec/2014/q2/608", "name": "[oss-security] 20140623 CVE request: XSS in coppermine gallery before 1.5.28", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html", "name": "http://forum.coppermine-gallery.net/index.php/topic,77376.0.html", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4612", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2018-03-16T17:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5.28"}, {"cpe23Uri": "cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.6.01", "versionStartIncluding": "1.6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-04-09T13:58Z"}