ID: EDB-ID:34643
Type: exploitdb
Reporter: Moudi
Modified: 2009-08-06T00:00:00
Description
Silurus Classifieds category.php ID Parameter XSS. CVE-2009-4983. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/43278/info
Silurus System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Silurus System 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/category.php?ID="><script>alert(document.cookie);</script>
{"id": "EDB-ID:34643", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Silurus Classifieds category.php ID Parameter XSS", "description": "Silurus Classifieds category.php ID Parameter XSS. CVE-2009-4983. Webapps exploit for php platform", "published": "2009-08-06T00:00:00", "modified": "2009-08-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/34643/", "reporter": "Moudi", "references": [], "cvelist": ["CVE-2009-4983"], "lastseen": "2016-02-03T23:38:23", "viewCount": 1, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2016-02-03T23:38:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4983"]}, {"type": "exploitdb", "idList": ["EDB-ID:34645", "EDB-ID:34644"]}], "modified": "2016-02-03T23:38:23", "rev": 2}, "vulnersScore": 4.8}, "sourceHref": "https://www.exploit-db.com/download/34643/", "sourceData": "source: http://www.securityfocus.com/bid/43278/info\r\n\r\nSilurus System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.\r\n\r\nSilurus System 1.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/category.php?ID=\"><script>alert(document.cookie);</script>", "osvdbidlist": ["56796"]}
{"cve": [{"lastseen": "2020-10-03T11:54:20", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.", "edition": 3, "cvss3": {}, "published": "2010-08-25T20:00:00", "title": "CVE-2009-4983", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4983"], "modified": "2010-08-25T20:00:00", "cpe": ["cpe:/a:snowhall:silurus_system:1.0"], "id": "CVE-2009-4983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4983", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:snowhall:silurus_system:1.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T23:38:32", "description": "Silurus Classifieds wcategory.php ID Parameter XSS. CVE-2009-4983. Webapps exploit for php platform", "published": "2009-08-06T00:00:00", "type": "exploitdb", "title": "Silurus Classifieds wcategory.php ID Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4983"], "modified": "2009-08-06T00:00:00", "id": "EDB-ID:34644", "href": "https://www.exploit-db.com/exploits/34644/", "sourceData": "source: http://www.securityfocus.com/bid/43278/info\r\n \r\nSilurus System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.\r\n \r\nSilurus System 1.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/wcategory.php?ID=\"><script>alert(document.cookie);</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/34644/"}, {"lastseen": "2016-02-03T23:38:41", "description": "Silurus Classifieds search.php keywords Parameter XSS. CVE-2009-4983. Webapps exploit for php platform", "published": "2009-08-06T00:00:00", "type": "exploitdb", "title": "Silurus Classifieds search.php keywords Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4983"], "modified": "2009-08-06T00:00:00", "id": "EDB-ID:34645", "href": "https://www.exploit-db.com/exploits/34645/", "sourceData": "source: http://www.securityfocus.com/bid/43278/info\r\n \r\nSilurus System is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.\r\n \r\nSilurus System 1.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/search.php?go=1&keywords=\"><script>alert(document.cookie);</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/34645/"}]}