CVE-2009-3004
published 2009-08-28CVE-2009-3004: Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
0.89%
54.9th percentile
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avant_force | avant_browser | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2009-08-28
Published