Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xzeroscripts | Xzero Community Classifieds | 4.97.8 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/0907-exploits/xzero-xss.txtExploit
- http://secunia.com/advisories/35996Vendor Advisory
- http://www.securityfocus.com/bid/35809Exploit
- http://www.vupen.com/english/advisories/2009/2010Vendor Advisory
- http://packetstormsecurity.org/0907-exploits/xzero-xss.txtExploit
- http://secunia.com/advisories/35996Vendor Advisory
- http://www.securityfocus.com/bid/35809Exploit
- http://www.vupen.com/english/advisories/2009/2010Vendor Advisory
FAQ
What is CVE-2009-2893?
CVE-2009-2893 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in ...
How severe is CVE-2009-2893?
CVE-2009-2893 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2893?
Check the references section above for vendor advisories and patch information. Affected products include: Xzeroscripts Xzero Community Classifieds.