CVE-2009-4984

{"id": "CVE-2009-4984", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-25T20:00:14.440", "references": [{"url": "http://secunia.com/advisories/36148", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9370", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Accessories Me PHP Affiliate Script v1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) keywords sobre search.php y (2) SearchIndex sobre browse.php."}], "lastModified": "2017-09-19T01:30:08.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websitesrus:accessories_me_php_affiliate_script:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DECE77F-B83C-4E08-9542-C0BD5317DCC3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}