CVE-2009-4690

Опубликовано: 10 мар. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

Ссылки

http://osvdb.org/56076
http://osvdb.org/56077
http://packetstormsecurity.org/0907-exploits/programsrating-xss.txt
Exploit
http://secunia.com/advisories/35918
Vendor Advisory
http://www.securityfocus.com/bid/35746
http://www.vupen.com/english/advisories/2009/1967
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51880
http://osvdb.org/56076
http://osvdb.org/56077
http://packetstormsecurity.org/0907-exploits/programsrating-xss.txt
Exploit
http://secunia.com/advisories/35918
Vendor Advisory
http://www.securityfocus.com/bid/35746
http://www.vupen.com/english/advisories/2009/1967
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51880

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yourfreeworld:programs_rating_script:*:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04341

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f2fm-4956-xvcv

github

почти 4 года назад