CVE-2009-3512

EPSS 1.8%

Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencepacketstormsecurity.org/0907-exploits/myweight-xss.txtunverified exploitdbwww.exploit-db.com/exploits/34740unverified exploitdbwww.exploit-db.com/exploits/34741unverified exploitdbwww.exploit-db.com/exploits/34742unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.org/0907-exploits/myweight-xss.txt http://secunia.com/advisories/35919 https://exchange.xforce.ibmcloud.com/vulnerabilities/51861 http://www.osvdb.org/55997 http://www.osvdb.org/55998 http://www.osvdb.org/55999