Lucene search

MitreCVELIST:CVE-2009-5142

HistoryAug 21, 2014 - 11:00 p.m.

CVE-2009-5142

2014-08-2123:00:00

mitre

www.cve.org

timthumb

xss

vulnerability

cve-2009-5142

mimbo pro

remote attackers

web script

html

src parameter

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

References

packetstormsecurity.com/files/127724/WordPress-Gamespeed-Theme-Cross-Site-Scripting.html

www.osvdb.org/71878

code.google.com/p/timthumb/issues/detail?id=49

code.google.com/p/timthumb/source/detail?r=65