CVE-2009-2780

{"id": "CVE-2009-2780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-08-17T16:30:01.280", "references": [{"url": "http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36034", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56564", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56565", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56566", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56567", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56568", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/56569", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52071", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de Ejecuci\u00f3n de secuencias de comandos en sitios cruzados en 68 Clasiffieds 4.1 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) el par\u00e1metro cat en category.php, el par\u00e1metro view en (2) login.php y (3) viewlisting. php, el par\u00e1metro page en (4) searchresults.php y (5) toplistings.php, y (6) el par\u00e1metros member en viewmember.php."}], "lastModified": "2017-08-17T01:30:54.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:68_classifieds:68_classifieds:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8CD8AE2-78FB-441C-A1D9-89FD1152E547"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}