Lucene search

MitreCVE-2009-1067

HistoryMar 26, 2009 - 5:51 a.m.

CVE-2009-1067

2009-03-2605:51:52

CWE-79

mitre

web.nvd.nist.gov

cve-2009-1067

cross-site scripting

xss vulnerability

pixie cms

index.php

web script injection

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.

Affected configurations

Nvd

Node

getpixiepixie_cmsMatch1.01a

VendorProductVersionCPE
getpixiepixie_cms1.01acpe:2.3:a:getpixie:pixie_cms:1.01a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
getpixie	pixie_cms	1.01a	cpe:2.3:a:getpixie:pixie_cms:1.01a:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2009-03/0324.html

lampsecurity.org/Pixie-CMS-Multiple-Vulnerabilities

osvdb.org/52832

secunia.com/advisories/34364

www.securityfocus.com/bid/34189

exchange.xforce.ibmcloud.com/vulnerabilities/49333

www.exploit-db.com/exploits/8252

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Related for CVE-2009-1067