{"bulletinFamily": "exploit", "id": "EDB-ID:33301", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "lastseen": "2016-02-03T18:54:06", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/profile.php/\"><script>alert(1)</script>", "published": "2009-10-21T00:00:00", "href": "https://www.exploit-db.com/exploits/33301/", "osvdbidlist": ["59308"], "reporter": "Amol Naik", "hash": "d77d6996c1d186cfc23a68c05bf196be4c8ee45b14180df26e4fff7c7028f63f", "title": "OpenDocMan 1.2.5 profile.php XSS", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "OpenDocMan 1.2.5 profile.php XSS. CVE-2009-3789. Webapps exploit for php platform", "references": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33301/", "enchantments": {"vulnersScore": 6.1}}

{"result": {"cve": [{"id": "CVE-2009-3789", "type": "cve", "title": "CVE-2009-3789", "description": "Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.", "published": "2009-10-26T13:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3789", "cvelist": ["CVE-2009-3789"], "lastseen": "2017-08-17T11:14:31"}], "exploitdb": [{"id": "EDB-ID:33297", "type": "exploitdb", "title": "OpenDocMan 1.2.5 index.php last_message Parameter XSS", "description": "OpenDocMan 1.2.5 index.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33297/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:37"}, {"id": "EDB-ID:33299", "type": "exploitdb", "title": "OpenDocMan 1.2.5 category.php XSS", "description": "OpenDocMan 1.2.5 category.php XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33299/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:52"}, {"id": "EDB-ID:33302", "type": "exploitdb", "title": "OpenDocMan 1.2.5 rejects.php XSS", "description": "OpenDocMan 1.2.5 rejects.php XSS. CVE-2009-3789 . Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33302/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:54:14"}, {"id": "EDB-ID:33305", "type": "exploitdb", "title": "OpenDocMan 1.2.5 view_file.php XSS", "description": "OpenDocMan 1.2.5 view_file.php XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33305/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:54:39"}, {"id": "EDB-ID:33296", "type": "exploitdb", "title": "OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS", "description": "OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33296/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:29"}, {"id": "EDB-ID:33300", "type": "exploitdb", "title": "OpenDocMan 1.2.5 department.php XSS", "description": "OpenDocMan 1.2.5 department.php XSS. CVE-2009-3789 . Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33300/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:59"}, {"id": "EDB-ID:33303", "type": "exploitdb", "title": "OpenDocMan 1.2.5 - search.php XSS", "description": "OpenDocMan 1.2.5 search.php XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33303/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:54:23"}, {"id": "EDB-ID:33304", "type": "exploitdb", "title": "OpenDocMan 1.2.5 user.php XSS", "description": "OpenDocMan 1.2.5 user.php XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33304/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:54:32"}, {"id": "EDB-ID:33298", "type": "exploitdb", "title": "OpenDocMan 1.2.5 admin.php last_message Parameter XSS", "description": "OpenDocMan 1.2.5 admin.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33298/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:44"}, {"id": "EDB-ID:33295", "type": "exploitdb", "title": "OpenDocMan 1.2.5 add.php last_message Parameter XSS", "description": "OpenDocMan 1.2.5 add.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "published": "2009-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33295/", "cvelist": ["CVE-2009-3789"], "lastseen": "2016-02-03T18:53:22"}], "openvas": [{"id": "OPENVAS:900885", "type": "openvas", "title": "OpenDocMan Multiple XSS and SQL Injection Vulnerabilities", "description": "This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.", "published": "2009-10-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900885", "cvelist": ["CVE-2009-3801", "CVE-2009-3789", "CVE-2009-3788"], "lastseen": "2017-07-02T21:14:12"}, {"id": "OPENVAS:1361412562310900885", "type": "openvas", "title": "OpenDocMan Multiple XSS and SQL Injection Vulnerabilities", "description": "This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.", "published": "2009-10-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900885", "cvelist": ["CVE-2009-3801", "CVE-2009-3789", "CVE-2009-3788"], "lastseen": "2018-04-06T11:39:51"}]}}