Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phplemon | Myweight | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/0907-exploits/myweight-xss.txt (Exploit)
- http://secunia.com/advisories/35919 (Vendor Advisory)
- http://www.osvdb.org/55997
- http://www.osvdb.org/55998
- http://www.osvdb.org/55999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51861
FAQ
What is CVE-2009-3512?
CVE-2009-3512 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) ...
How severe is CVE-2009-3512?
CVE-2009-3512 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3512?
Check the references section above for vendor advisories and patch information. Affected products include: Phplemon Myweight.