CVE-2009-3225

EUVD-2009-3208
Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
almondsoftalmond_classifieds
*
almondsoftalmond_classifieds
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt
http://secunia.com/advisories/36003
http://www.securityfocus.com/bid/35816
http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt
http://secunia.com/advisories/36003
http://www.securityfocus.com/bid/35816