CVE-2009-4547
published 2010-01-04CVE-2009-4547: Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.85%
76.4th percentile
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| viart | viart_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ViArt CMS - 'forum_topic_new.php?forum_id' Cross-Site Scripting
exploitdb·2009-08-10
CVE-2009-4547 ViArt CMS - 'forum_topic_new.php?forum_id' Cross-Site Scripting
ViArt CMS - 'forum_topic_new.php?forum_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/36003/info
ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
http://www.example.com/cms-demo/forum_topic_new.php?forum_id=1>">alert(522558583855)%3B
Exploit-DB
ViArt CMS - 'forums.php?category_id' Cross-Site Scripting
exploitdb·2009-08-10
CVE-2009-4547 ViArt CMS - 'forums.php?category_id' Cross-Site Scripting
ViArt CMS - 'forums.php?category_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/36003/info
ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
http://www.example.com/cms-demo/forums.php?category_id=1>">alert(522558583855)%3B
Exploit-DB
ViArt CMS - 'forum.php?forum_id' Cross-Site Scripting
exploitdb·2009-08-10
CVE-2009-4547 ViArt CMS - 'forum.php?forum_id' Cross-Site Scripting
ViArt CMS - 'forum.php?forum_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/36003/info
ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
http://www.example.com/cms-demo/forum.php?forum_id=1>">alert(522558583855)%3B
No writeups or analysis indexed.
http://osvdb.org/56883http://osvdb.org/56884http://osvdb.org/56885http://packetstormsecurity.org/0908-exploits/viartcms-xss.txthttp://secunia.com/advisories/36241http://www.securityfocus.com/bid/36003https://exchange.xforce.ibmcloud.com/vulnerabilities/52371http://osvdb.org/56883http://osvdb.org/56884http://osvdb.org/56885http://packetstormsecurity.org/0908-exploits/viartcms-xss.txthttp://secunia.com/advisories/36241http://www.securityfocus.com/bid/36003https://exchange.xforce.ibmcloud.com/vulnerabilities/52371
2010-01-04
Published