CVE-2015-6528 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username (2) admin_password (3) admin_email (4) dbserver (5) dbname (6) dbuser (7) dbpass (8) table_prefix or (9) impath parameter.

Reference

http://packetstormsecurity.com/files/133059/Coppermine-Photo-Gallery-1.5.36-Cross-Site-Scripting.html