Lucene search

[email protected]CVE-2009-4570

HistoryJan 05, 2010 - 7:00 p.m.

CVE-2009-4570

2010-01-0519:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4570

cross-site scripting

xss

phpshop 0.8.1

remote attackers

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.1%

JSON

Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.

Affected configurations

NVD

Node

phpshopphpshopMatch0.8.1

CPENameOperatorVersion
phpshop:phpshopphpshopeq0.8.1

CPE	Name	Operator	Version
phpshop:phpshop	phpshop	eq	0.8.1

References

secunia.com/advisories/31948

www.andreafabrizi.it/?exploits:phpshop

www.securityfocus.com/archive/1/508270/100/0/threaded

www.securityfocus.com/bid/37227

exchange.xforce.ibmcloud.com/vulnerabilities/54589

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2009-4570

cvelist1 nvd1 openvas2 prion1