CVE-2009-1461

{"id": "CVE-2009-1461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-28T16:30:03.687", "references": [{"url": "http://marc.info/?l=full-disclosure&m=123998062108561&w=2", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34854", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50357", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=full-disclosure&m=123998062108561&w=2", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34854", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50357", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el formulario Create New Page en razorCMS v0.3 RC2 y anteriores permite a usuarios remotos autenticados inyectar scripts web arbitrarios o HTML a trav\u00e9s del campo Page Title."}], "lastModified": "2024-11-21T01:02:31.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:razorcms:razorcms:*:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5571FE14-5D75-41F7-9C41-96FBC0F79382", "versionEndIncluding": "0.3"}, {"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}