CVE-2009-4366
Published 2009-12-21
Priority P4 18 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.52% (71.5th percentile)
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scriptsez | ez_blog | — | — |
No detection rules found.
Exploit-DB
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
exploitdb·2009-12-15
---
[#-----------------------------------------------------------------------------------------------#]
[#] Title: Ez Cart Multiple XSRF Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 15. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Cart
[#] Version: 1.0
[#] Platform: PHP
[#] Link: http://www.scriptsez.net/?action=details&cat=Content%20Management&id=2472658093
[#] Price: 25 USD
[#] Vulnerability: Multiple XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]
[#]Content
|--Remove item by id
|--Remove member by id (not test
Exploit-DB
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
exploitdb·2009-12-15
---
[#-----------------------------------------------------------------------------------------------#]
[#] Title: Ez Blog (XSS/XSRF) Multiple Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 15. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Blog
[#] Version: 1.0
[#] Platform: PHP
[#] Link: link:http://www.scriptsez.net/?action=details&cat=Content%20Management&id=2579678051
[#] Price: 15 USD
[#] Vulnerability: XSS And Multiple XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]
[#]Content
|--XSS in front end
|--Admin panel
|
No writeups or analysis indexed.
http://osvdb.org/61113
http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt
http://secunia.com/advisories/37743
https://exchange.xforce.ibmcloud.com/vulnerabilities/54894