CVE-2009-4168
CVE-2009-4168
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.org/1001-exploits/joomlajvclouds-xss.txtunverifiedexploitdbwww.exploit-db.com/exploits/33371unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txthttp://secunia.com/advisories/37483http://secunia.com/advisories/38161https://exchange.xforce.ibmcloud.com/vulnerabilities/54397https://exchange.xforce.ibmcloud.com/vulnerabilities/55156http://websecurity.com.ua/3665/http://websecurity.com.ua/3789/http://websecurity.com.ua/3801/http://websecurity.com.ua/3839/http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/http://www.securityfocus.com/archive/1/508071/100/0/threadedhttp://www.securityfocus.com/archive/1/508606/100/0/threaded