Vulnerability Description
Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clansphere | Clansphere | 2009.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/0907-exploits/clansphere-xss.txtExploit
- http://secunia.com/advisories/35744Vendor Advisory
- http://www.securityfocus.com/bid/35605Exploit
- http://www.vupen.com/english/advisories/2009/1836Vendor Advisory
- http://packetstormsecurity.org/0907-exploits/clansphere-xss.txtExploit
- http://secunia.com/advisories/35744Vendor Advisory
- http://www.securityfocus.com/bid/35605Exploit
- http://www.vupen.com/english/advisories/2009/1836Vendor Advisory
FAQ
What is CVE-2009-2438?
CVE-2009-2438 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a ...
How severe is CVE-2009-2438?
CVE-2009-2438 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2438?
Check the references section above for vendor advisories and patch information. Affected products include: Clansphere Clansphere.