exploitDog

CVE-2009-3539

Опубликовано: 02 окт. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.

Ссылки

http://packetstormsecurity.org/0907-exploits/ultraclassifieds-xss.txt
Exploit
http://secunia.com/advisories/35857
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1965
Vendor Advisory
http://packetstormsecurity.org/0907-exploits/ultraclassifieds-xss.txt
Exploit
http://secunia.com/advisories/35857
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1965
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yourfreeworld:ultra_classifieds_pro:*:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00437

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jv7c-49x2-c3r3

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.

EPSS

Процентиль: 63%

0.00437

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79