maolu has already resolved the issues he/she experienced: it wasn't coppermine acting up, but improper proxy settings. The whole issue is not related to the XSS vulnerability nor the fix, so I'm marking the postings that deal with it as "invalid".
@all: please do only reply to announcement threads like this one if you have something to say that everyone could benefit from (e.g. a broken link or similar). Individual issues you might consider to be related to XSS vulnerabilities should not go into this thread - start a new thread instead on the support board. Help us to keep announcement threads clean and focused on the issues they deal with. If announcement threads drift to much or contain irrelevant information, other users might miss important stuff because of the "background noise". We had to lock most announcement threads soon after they were started because people replied with irrelevant issues. Try not to mess with this thread as well, it'd be a pity if we had to lock it as we had to in the past.