Lucene search

MitreCVE-2009-4690

HistoryMar 10, 2010 - 10:30 p.m.

CVE-2009-4690

2010-03-1022:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-4690

cross-site scripting

xss

yourfreeworld

rating script

security vulnerabilities

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

Affected configurations

Nvd

Node

yourfreeworldprograms_rating_script

VendorProductVersionCPE
yourfreeworldprograms_rating_script*cpe:2.3:a:yourfreeworld:programs_rating_script:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yourfreeworld	programs_rating_script	*	cpe:2.3:a:yourfreeworld:programs_rating_script::::::::

References

osvdb.org/56076

osvdb.org/56077

packetstormsecurity.org/0907-exploits/programsrating-xss.txt

secunia.com/advisories/35918

www.securityfocus.com/bid/35746

www.vupen.com/english/advisories/2009/1967

exchange.xforce.ibmcloud.com/vulnerabilities/51880

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.1%

JSON

Related for CVE-2009-4690