CVE-2009-4926

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:esoftpro:online_contact_manager:3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-07-12 13:27

Updated : 2024-02-28 11:41


NVD link : CVE-2009-4926

Mitre link : CVE-2009-4926

CVE.ORG link : CVE-2009-4926


JSON object : View

Products Affected

esoftpro

  • online_contact_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')