CVE-2009-4548

EPSS 2.3%

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the (5) forum_id parameter to forum.php; or the (6) search_category_id parameter to products_search.php.

Affected products

n/a · n/a

public PoCs found — 7

cve_referencepacketstormsecurity.org/0908-exploits/viarthd-xss.txtunverified exploitdbwww.exploit-db.com/exploits/34495unverified exploitdbwww.exploit-db.com/exploits/34498unverified exploitdbwww.exploit-db.com/exploits/34494unverified exploitdbwww.exploit-db.com/exploits/34499unverified exploitdbwww.exploit-db.com/exploits/34496unverified exploitdbwww.exploit-db.com/exploits/34497unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/56877 http://osvdb.org/56878 http://osvdb.org/56879 http://osvdb.org/56880 http://osvdb.org/56881 http://osvdb.org/56882 http://packetstormsecurity.org/0908-exploits/viarthd-xss.txt http://secunia.com/advisories/36240 https://exchange.xforce.ibmcloud.com/vulnerabilities/52349