CVE-2009-2920
Published 2009-08-21
Priority P417 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.22% (64.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username, (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elvinbts | elvinbts | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
exploitdb·2010-04-09
CVE-2010-2920 Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
---
Joomla Component Foobla Suggestions Local File Inclusion
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Date : April 08, 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : foobla Suggestions
version : 1.5.1.2
Developer : foobla
License : GPL
Type : Commercial
Date Added : Dec 21, 2009
Download : http://foobla.com/products/featured-joomla-extensions/foobla-suggestions-for-joomla.html
Description :
Have you ever used Uservoice? Would you like to have something similar on Joomla but with unlimited features and no monthly fee?
The foobla Suggestions allows you to collect ideas, suggestions, a
Exploit-DB
elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
exploitdb·2009-08-03
CVE-2009-2920 elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting
---
# [+] Elvin BTS 1.2.2 (SQL/XSS) Multiple Remote Vulnerabilities
# [+] Software : Elvin BTS
# [+] Author : 599eme Man
# [+] Contact : [email protected]
# [+] Thanks : Moudi, Neocoderz, Sheiry, Shimik Root aka Str0zen, Pr0H4ck3rz, Staker, Security-shell...
# [+] Special : Moudi my Brozazaaaaaaaaaaaa
# [+] Download : http://www.elvinbts.org/?Download
#
#[---------------------------------------------------------
No writeups or analysis indexed.
Published: 2009-08-21