CVE-2009-1225
Published 2009-04-02
Priority: P4 17 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.19% (64.0th percentile)
Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| platinumprofitzone | turnkey_ebook_store | — | — |
No detection rules found.
Exploit-DB
Virtual PC Hypervisor - Memory Protection
exploitdb·2010-03-17
CVE-2010-1225 Virtual PC Hypervisor - Memory Protection
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Virtual PC Hypervisor Memory Protection Vulnerability
1. *Advisory Information*
Title: Virtual PC Hypervisor Memory Protection Vulnerability
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Microsoft
Release mode: User release
2. *Vulnerability Information*
Class: Improper Access Control [CWE-285]
Impact: Security bypass
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 38764
CVE Name: N/A
3. *Vulnerability Description*
Windows Virtual PC
Exploit-DB
Turnkey eBook Store 1.1 - 'keywords' Cross-Site Scripting
exploitdb·2009-03-31
CVE-2009-1225 Turnkey eBook Store 1.1 - 'keywords' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/34324/info
Turnkey eBook Store is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
Turnkey eBook Store 1.1 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?cmd=search&keywords=">alert('XSS')
http://www.example.com/index.php?cmd=search&keywords=
No writeups or analysis indexed.
Published: 2009-04-02