CVE-2009-4497
Published 2010-01-07
CVE-2009-4497: Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i…
Priority P421 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.22% (86.6th percentile)
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| malcom_box | lxr_cross_referencer | <= 0.9.7 | — |
| malcom_box | lxr_cross_referencer | <= 0.9.6 | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
| malcom_box | lxr_cross_referencer | — | — |
GHSA
GHSA-r3vj-797j-jpmw: Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-1625 [MEDIUM] CWE-79 GHSA-r3vj-797j-jpmw: Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
GHSA
GHSA-68ww-p354-x3m2: Cross-site scripting (XSS) vulnerability in lib/LXR/Common
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2010-1448 [MEDIUM] CWE-79 GHSA-68ww-p354-x3m2: Cross-site scripting (XSS) vulnerability in lib/LXR/Common
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625.
GHSA
GHSA-8698-x87q-4cgx: Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0
ghsa_unreviewed·2022-05-02
CVE-2009-4497 [MEDIUM] CWE-79 GHSA-8698-x87q-4cgx: Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.
No detection rules found.
Exploit-DB
CompleteFTP Professional 12.1.3 - Remote Code Execution
exploitdb·2020-07-09·CVSS 4.3
CVE-2019-16116 [MEDIUM] CompleteFTP Professional 12.1.3 - Remote Code Execution
CompleteFTP Professional 12.1.3 - Remote Code Execution
Exploit-DB
LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2010-01-05
CVE-2009-4497 LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities
LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/37612/info
LXR Cross Referencer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
LXR Cross Referencer 0.9.5 and 0.9.6 are affected; other versions may also be vulnerable.
http://www.example.com/lxr/ident?i=alert('XSS')
No writeups or analysis indexed.
Published: 2010-01-07