CVE-2009-4266

Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
yabsoftadvanced_image_hosting_script
2.2
yabsoftadvanced_image_hosting_script
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34366
http://www.exploit-db.com/exploits/10336
https://exchange.xforce.ibmcloud.com/vulnerabilities/54582
http://secunia.com/advisories/34366
http://www.exploit-db.com/exploits/10336
https://exchange.xforce.ibmcloud.com/vulnerabilities/54582