Lucene search
Steve KempEDB-ID:33219HistorySep 11, 2009 - 12:00 a.m.
Planet 2.0 - HTML Injection
2009-09-1100:00:00
Steve Kemp
www.exploit-db.com
15
source: https://www.securityfocus.com/bid/36392/info
Planet is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.
Planet 2.0 is affected; other versions may also be vulnerable.
The following example code is available:
<img src="javascript:alert(1);" > Related
nessus
nessus
Fedora 10 : planet-2.0-10.fc10 (2009-9601)
2009-09-16 00:00:00
Fedora 11 : planet-2.0-10.fc11 (2009-9575)
2009-09-16 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-9601 (planet)
2009-09-15 00:00:00
Fedora Core 11 FEDORA-2009-9575 (planet)
2009-09-15 00:00:00
Fedora Core 11 FEDORA-2009-9575 (planet)
2009-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: planet-2.0-10.fc10
2009-09-15 07:48:29
[SECURITY] Fedora 11 Update: planet-2.0-10.fc11
2009-09-15 07:44:01
cve
cve
CVE-2009-2937
2009-09-18 10:30:01
nvd
nvd
CVE-2009-2937
2009-09-18 10:30:01
prion
prion
Cross site scripting
2009-09-18 10:30:00
ubuntucve
ubuntucve
CVE-2009-2937
2009-09-18 00:00:00
debiancve
debiancve
CVE-2009-2937
2022-10-03 16:24:07
redhatcve
redhatcve
CVE-2009-2937
2019-10-04 22:03:55
cvelist
cvelist
CVE-2009-2937
2009-09-18 10:00:00