CVE-2009-2785

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/56657	Exploit
http://osvdb.org/56658	Exploit
http://osvdb.org/56659	Exploit
http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt
http://secunia.com/advisories/35929	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52123

Configurations

Configuration 1 (hide)

cpe:2.3:a:classifiedphpscript:php_open_classifieds_script:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-08-17 16:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-2785

Mitre link : CVE-2009-2785

CVE.ORG link : CVE-2009-2785

JSON object : View

Products Affected

classifiedphpscript

php_open_classifieds_script

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2009-2785", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-08-17T16:30:01.407", "references": [{"url": "http://osvdb.org/56657", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/56658", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/56659", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35929", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52123", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en PHP Open Classifieds Script, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) page to buy.php (2) id sobre contac.php y \"3) id sobre tellafriend.php."}], "lastModified": "2017-08-17T01:30:54.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:classifiedphpscript:php_open_classifieds_script:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06C948F-09A8-4369-AC39-27E3447CB8CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}