CVE-2009-4859

EUVD-2009-4822
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
onlinetechtools.comowos_lite
3.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt
http://secunia.com/advisories/36244
http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt
http://secunia.com/advisories/36244