exploitDog

CVE-2009-4926

Опубликовано: 12 июл. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

Ссылки

http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt
Exploit
http://secunia.com/advisories/34826
Vendor Advisory
http://www.securityfocus.com/bid/34626
Exploit
http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt
Exploit
http://secunia.com/advisories/34826
Vendor Advisory
http://www.securityfocus.com/bid/34626
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esoftpro:online_contact_manager:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6vcw-5c7w-wjjm

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

EPSS

Процентиль: 45%

0.00226

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79