CVE-2009-2928
Published 2009-08-21
Priority P4 · 19 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.22% (64.8th percentile)
Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 3.11.0 < 5.10.248 | 5.10.248 |
| linux | linux_kernel | >= 5.11.0 < 5.15.198 | 5.15.198 |
| linux | linux_kernel | >= 5.16.0 < 6.1.160 | 6.1.160 |
| linux | linux_kernel | >= 6.13.0 < 6.18.4 | 6.18.4 |
| linux | linux_kernel | >= 6.2.0 < 6.6.120 | 6.6.120 |
| linux | linux_kernel | >= 6.7.0 < 6.12.64 | 6.12.64 |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 7.8 HIGH
vendor_redhat · 7.8 HIGH
OSV
team: fix check for port enabled in team_queue_override_port_prio_changed()
osv·2026-01-13·CVSS 7.8
CVE-2025-71091 team: fix check for port enabled in team_queue_override_port_prio_changed()
In the Linux kernel, the following vulnerability has been resolved:
team: fix check for port enabled in team_queue_override_port_prio_changed()
There has been a syzkaller bug reported recently with the following
trace:
list_del corruption, ffff888058bea080->prev is LIST_POISON2 (dead000000000122)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:59!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 3 UID: 0 PID: 21246 Comm: syz.0.2928 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__list_del_entry_valid_or_report+0x13e/0x200 lib/list_debug.c:59
Code: 48 c7 c7 e0 71 f0 8b e8 30 08 ef fc 90 0f
GHSA
GHSA-5whj-vff8-jw8g: Cross-site scripting (XSS) vulnerability in login
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2009-2928 [MEDIUM] CWE-79 GHSA-5whj-vff8-jw8g: Cross-site scripting (XSS) vulnerability in login
Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.
No detection rules found.
No writeups or analysis indexed.
Published: 2009-08-21