Lucene search

[email protected]CVE-2009-4554

HistoryJan 04, 2010 - 9:30 p.m.

CVE-2009-4554

2010-01-0421:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4554

cross-site scripting

xss

snitz forums

nvd

security vulnerabilities

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.

CPENameOperatorVersion
snitz_communications:snitz_forums_2000snitz communications snitz forums 2000eq3.4.07

CPE	Name	Operator	Version
snitz_communications:snitz_forums_2000	snitz communications snitz forums 2000	eq	3.4.07

References

secunia.com/advisories/35733

www.securityfocus.com/archive/1/507207/100/0/threaded

www.securityfocus.com/bid/36710

www.vupen.com/english/advisories/2009/2957

exchange.xforce.ibmcloud.com/vulnerabilities/53803

exchange.xforce.ibmcloud.com/vulnerabilities/53804

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2009-4554

openvas2 prion1 cvelist1