Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.org/0907-exploits/xzero-xss.txt | Exploit |
| http://secunia.com/advisories/35996 | Vendor Advisory |
| http://www.securityfocus.com/bid/35809 | Exploit |
| http://www.vupen.com/english/advisories/2009/2010 | Vendor Advisory |
| http://packetstormsecurity.org/0907-exploits/xzero-xss.txt | Exploit |
| http://secunia.com/advisories/35996 | Vendor Advisory |
| http://www.securityfocus.com/bid/35809 | Exploit |
| http://www.vupen.com/english/advisories/2009/2010 | Vendor Advisory |
Configurations
History
21 Nov 2024, 01:05
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.org/0907-exploits/xzero-xss.txt - Exploit | |
| References | () http://secunia.com/advisories/35996 - Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/35809 - Exploit | |
| References | () http://www.vupen.com/english/advisories/2009/2010 - Vendor Advisory |
Information
Published : 2009-08-20 17:30
Updated : 2024-11-21 01:05
NVD link : CVE-2009-2893
Mitre link : CVE-2009-2893
CVE.ORG link : CVE-2009-2893
JSON object : View
Products Affected
xzeroscripts
- xzero_community_classifieds
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')