CVE-2009-0814
Published 2009-03-05
Priority: P4 · 18 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.45% (70.1th percentile)
Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blogsa | blogsa | <= 1.0beta3 | — |
No detection rules found.
Exploit-DB
HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code
exploitdb·2009-11-17·CVSS 5.0
CVE-2009-3840 [MEDIUM] HP OpenView Network Node Manager (OV NNM) 7.53 - Invalid DB Error Code
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
HP Openview NNM 7.53 Invalid DB Error Code vulnerability
1. *Advisory Information*
Title: HP Openview NNM 7.53 Invalid DB Error Code vulnerability
Advisory Id: CORE-2009-0814
Advisory URL: http://www.coresecurity.com/content/openview_nnm_internaldb_dos
Date published: 2009-11-17
Date of last update: 2009-11-17
Vendors contacted: HP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: External Initialization of Trusted Variables [CWE-454]
Impact: Denial of Service
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-3840
3. *V
Exploit-DB
Blogsa 1.0 - 'Widgets.aspx' Cross-Site Scripting
exploitdb·2009-03-02
CVE-2009-0814 Blogsa 1.0 - 'Widgets.aspx' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/33957/info
Blogsa is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Blogsa 1.0 Beta 3 is vulnerable; other versions may also be affected.
http://www.example.com/Widgets.aspx?w=Search&p=do&searchText=alert(document.cookie)
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/501382/100/0/threaded
http://www.securityfocus.com/bid/33957
https://exchange.xforce.ibmcloud.com/vulnerabilities/49024