CVE-2009-1845
published 2009-06-01CVE-2009-1845: Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.51%
71.3th percentile
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lussumo | vanilla | — | — |
| lussumo | vanilla | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Lussumo Vanilla 1.1.5/1.1.7 - 'updatecheck.php' Cross-Site Scripting
exploitdb·2009-05-15
CVE-2009-1845 Lussumo Vanilla 1.1.5/1.1.7 - 'updatecheck.php' Cross-Site Scripting
Lussumo Vanilla 1.1.5/1.1.7 - 'updatecheck.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/35124/info
Vanilla is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Vanilla 1.1.8 are vulnerable.
http://www.example.com/ajax/updatecheck.php?PostBackKey=1&ExtensionKey=1&RequestName=1alert(123)
Exploit-DB
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
exploitdb·2009-03-10
CVE-2009-1030 WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
WordPress MU
1833
1834
1835
1836
1837 ID );
1839 if( count( $all_blogs ) > 1 ) {
1840 $primary_blog = get_usermeta($current_user->ID,
'primary_blog');
1841 ?>
1842
1843
1844 userblog_id
?>'userblog_id ) echo '
selected="selected"' ?>>http://domain.$blog->path
?>
1845
1846
1847
1852
1853
1854
1855 "
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html
The javascript code will be executed in the context of the victim
browser, this can be exploited to steal cookies and escalate
privileges to administrator.
Tested with Wordpress MU 2.6.5, Apache 2.2 and Mozilla Firefox 3.0.6
V. BUSINESS IMPACT
The impact is the attacker can gain administrator privileges on the
application.
VI. SYSTEMS AFFECTED
Versions prior to 2.7 are affected
VII. SOLUTION
Upgrade to version 2.7 of w
No writeups or analysis indexed.
http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.htmlhttp://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0http://secunia.com/advisories/35234http://www.securityfocus.com/archive/1/503847/100/0/threadedhttp://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.htmlhttp://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0http://secunia.com/advisories/35234http://www.securityfocus.com/archive/1/503847/100/0/threaded
2009-06-01
Published