CVE-2009-2163

2009-06-2220:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

References

forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html

secunia.com/advisories/35353

www.securityfocus.com/archive/1/504093/100/0/threaded

www.securityfocus.com/archive/1/504132/100/0/threaded