CVE-2009-2780

EUVD-2009-2770
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
68_classifieds68_classifieds
4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt
http://secunia.com/advisories/36034
http://www.osvdb.org/56564
http://www.osvdb.org/56565
http://www.osvdb.org/56566
http://www.osvdb.org/56567
http://www.osvdb.org/56568
http://www.osvdb.org/56569
https://exchange.xforce.ibmcloud.com/vulnerabilities/52071
http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt
http://secunia.com/advisories/36034
http://www.osvdb.org/56564
http://www.osvdb.org/56565
http://www.osvdb.org/56566
http://www.osvdb.org/56567
http://www.osvdb.org/56568
http://www.osvdb.org/56569
https://exchange.xforce.ibmcloud.com/vulnerabilities/52071