Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radactive | I-Load | <= 2008.r2 |
Related Weaknesses (CWE)
References
- http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339 (Patch)
- http://secunia.com/advisories/23807 (Vendor Advisory)
- http://www.osvdb.org/58195 (Patch)
- http://www.securityfocus.com/archive/1/506555/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53348
- https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabi
FAQ
What is CVE-2009-3450?
CVE-2009-3450 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names ...
How severe is CVE-2009-3450?
CVE-2009-3450 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3450?
Check the references section above for vendor advisories and patch information. Affected products include: Radactive I-Load.