Lucene search

[email protected]CVE-2009-3513

HistoryOct 01, 2009 - 2:30 p.m.

CVE-2009-3513

2009-10-0114:30:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-3513

cross-site scripting

xss

vulnerabilities

pg etraining

web security

remote injections

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.

Affected configurations

NVD

Node

pilotgrouppg_etraining

CPENameOperatorVersion
pilotgroup:pg_etrainingpilotgroup pg etrainingeq*

CPE	Name	Operator	Version
pilotgroup:pg_etraining	pilotgroup pg etraining	eq	*

References

packetstormsecurity.org/0907-exploits/etraining-xss.txt

www.securityfocus.com/bid/35834

exchange.xforce.ibmcloud.com/vulnerabilities/52072

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVE-2009-3513

cvelist1 nvd1 prion1