CVE-2009-5000

CWE-79 — Cross-site Scripting (XSS)21 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 57.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Filenet P8 Application Engine

Timeline

PublishedSep 20

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/filenet_p8_application_engine4.0.2

🔴Vulnerability Details

GHSA

GHSA-8rff-2qqm-f27c: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2022-05-02

▶

CVEList

CVE-2009-5000: Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4↗2010-09-20

▶

💥Exploits & PoCs

Exploit-DB

jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)↗2009-12-25

▶

Exploit-DB

GPG2/Kleopatra 2.0.11 - Malformed Certificate↗2009-10-21

▶

Exploit-DB

DJ Studio Pro 4.2 - '.pls' Local Crash↗2009-09-15

▶

Exploit-DB

Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow↗2009-09-14

▶

Exploit-DB

Swift Ultralite 1.032 - '.m3u' Local Buffer Overflow (PoC)↗2009-08-31

▶