Lucene search

[email protected]CVE-2009-4690

HistoryMar 10, 2010 - 10:30 p.m.

CVE-2009-4690

2010-03-1022:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4690

cross-site scripting

xss

yourfreeworld

rating script

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

Affected configurations

NVD

Node

yourfreeworldprograms_rating_script

CPENameOperatorVersion
yourfreeworld:programs_rating_scriptyourfreeworld programs rating scripteq*

CPE	Name	Operator	Version
yourfreeworld:programs_rating_script	yourfreeworld programs rating script	eq	*

References

osvdb.org/56076

osvdb.org/56077

packetstormsecurity.org/0907-exploits/programsrating-xss.txt

secunia.com/advisories/35918

www.securityfocus.com/bid/35746

www.vupen.com/english/advisories/2009/1967

exchange.xforce.ibmcloud.com/vulnerabilities/51880

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2009-4690

cvelist1 nvd1 prion1