CVE

CVE-2009-3789
Date: (C)2009-10-26   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-30750
BID-36777
OSVDB-59302
OSVDB-59303
OSVDB-59304
OSVDB-59305
OSVDB-59306
OSVDB-59307
OSVDB-59308
OSVDB-59309
OSVDB-59310
OSVDB-59311
OSVDB-59312
http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt
opendocman-multiple-xss(53887)

CWE    1
CWE-79

© SecPod Technologies