CVE-2009-4681
Published 2010-03-10
CVE-2009-4681: Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st…
Priority P418 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.50% (71.0th percentile)
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpdirectorysource | phpdirectorysource | — | — |
| phpdirectorysource | phpdirectorysource | — | — |
VulDB
phpDirectorySource 1.0/1.1 search.php st cross site scripting (EDB-9226 / BID-35760)
vuldb·2026-05-02·CVSS 4.3
CVE-2009-4681 [MEDIUM] phpDirectorySource 1.0/1.1 search.php st cross site scripting (EDB-9226 / BID-35760)
A vulnerability has been found in phpDirectorySource 1.0/1.1 and classified as problematic. The impacted element is an unknown function of the file search.php. Performing a manipulation of the argument st results in cross site scripting.
This vulnerability is known as CVE-2009-4681. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-7qv6-6fjq-f6v7: Cross-site scripting (XSS) vulnerability in search
ghsa_unreviewed·2022-05-02
CVE-2009-4681 [MEDIUM] CWE-79 GHSA-7qv6-6fjq-f6v7: Cross-site scripting (XSS) vulnerability in search
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
No detection rules found.
http://packetstormsecurity.org/0907-exploits/wbd-sqlxss.txt
http://secunia.com/advisories/35941
http://www.exploit-db.com/exploits/9226
http://www.securityfocus.com/bid/35760
Published: 2010-03-10