Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
References
Link | Resource |
---|---|
http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt | Exploit |
http://secunia.com/advisories/34826 | Vendor Advisory |
http://www.securityfocus.com/bid/34626 | Exploit |
Configurations
History
No history.
Information
Published : 2010-07-12 13:27
Updated : 2024-02-28 11:41
NVD link : CVE-2009-4926
Mitre link : CVE-2009-4926
CVE.ORG link : CVE-2009-4926
JSON object : View
Products Affected
esoftpro
- online_contact_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')