CVE-2009-2785

Опубликовано: 17 авг. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

Ссылки

http://osvdb.org/56657
Exploit
http://osvdb.org/56658
Exploit
http://osvdb.org/56659
Exploit
http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt
http://secunia.com/advisories/35929
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52123
http://osvdb.org/56657
Exploit
http://osvdb.org/56658
Exploit
http://osvdb.org/56659
Exploit
http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt
http://secunia.com/advisories/35929
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52123

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:classifiedphpscript:php_open_classifieds_script:*:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00515

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w6cg-32qr-cwmq

github

почти 4 года назад