Lucene search

[email protected]CVE-2009-4888

HistoryJun 11, 2010 - 2:30 p.m.

CVE-2009-4888

2010-06-1114:30:16

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4888

xss

phortail

poster.php

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.

Affected configurations

NVD

Node

nskatephortailMatch1.2.1

CPENameOperatorVersion
nskate:phortailnskate phortaileq1.2.1

CPE	Name	Operator	Version
nskate:phortail	nskate phortail	eq	1.2.1

References

osvdb.org/52502

packetstormsecurity.org/0903-exploits/phortail-xss.txt

secunia.com/advisories/34203

www.securityfocus.com/bid/34038

www.vupen.com/english/advisories/2009/0631

exchange.xforce.ibmcloud.com/vulnerabilities/49143

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2009-4888

prion1 cvelist1 nvd1