Lucene search

MitreCVE-2009-3225

HistorySep 16, 2009 - 7:30 p.m.

CVE-2009-3225

2009-09-1619:30:00

CWE-79

mitre

web.nvd.nist.gov

xss

almondsoft

almond classifieds

wap

pro

affiliate network

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

almondsoftalmond_classifiedspro

almondsoftalmond_classifiedswap

VendorProductVersionCPE
almondsoftalmond_classifieds*cpe:2.3:a:almondsoft:almond_classifieds:*:*:pro:*:*:*:*:*
almondsoftalmond_classifieds*cpe:2.3:a:almondsoft:almond_classifieds:*:*:wap:*:*:*:*:*

Vendor	Product	Version	CPE
almondsoft	almond_classifieds	*	cpe:2.3:a:almondsoft:almond_classifieds:::pro:::::*
almondsoft	almond_classifieds	*	cpe:2.3:a:almondsoft:almond_classifieds:::wap:::::*

References

packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt

secunia.com/advisories/36003

www.securityfocus.com/bid/35816

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

57.5%

JSON

Related for CVE-2009-3225