CVE-2009-4729

EPSS 3.6%

Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/9340unverified exploitdbwww.exploit-db.com/exploits/9340unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/36067 https://exchange.xforce.ibmcloud.com/vulnerabilities/52163 http://www.exploit-db.com/exploits/9340 http://www.osvdb.org/56671 http://www.osvdb.org/56672 http://www.osvdb.org/56673 http://www.osvdb.org/56674