← volver
CVE-2009-3789

CVE-2009-3789

EPSS 2.8%
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
Productos afectados
n/a · n/a
PoCs públicas encontradas13
cve_referencewww.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txtno verificadoexploitdbwww.exploit-db.com/exploits/33295no verificadoexploitdbwww.exploit-db.com/exploits/33298no verificadoexploitdbwww.exploit-db.com/exploits/33299no verificadoexploitdbwww.exploit-db.com/exploits/33300no verificadoexploitdbwww.exploit-db.com/exploits/33297no verificadoexploitdbwww.exploit-db.com/exploits/33301no verificadoexploitdbwww.exploit-db.com/exploits/33302no verificadoexploitdbwww.exploit-db.com/exploits/33303no verificadoexploitdbwww.exploit-db.com/exploits/33296no verificadoexploitdbwww.exploit-db.com/exploits/33304no verificadoexploitdbwww.exploit-db.com/exploits/33305no verificadoexploitdbwww.exploit-db.com/exploits/9903no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://osvdb.org/59302http://osvdb.org/59303http://osvdb.org/59304http://osvdb.org/59305http://osvdb.org/59306http://osvdb.org/59307http://osvdb.org/59308http://osvdb.org/59309http://osvdb.org/59310http://osvdb.org/59311http://osvdb.org/59312http://secunia.com/advisories/30750