Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

6 vulnerabilities by resalecode

CVE-2009-4688 (GCVE-0-2009-4688)

Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2024-09-16 23:11
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:38.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
          },
          {
            "name": "35894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35894"
          },
          {
            "name": "ADV-2009-1977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1977"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-03-10T22:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
        },
        {
          "name": "35894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35894"
        },
        {
          "name": "ADV-2009-1977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1977"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
            },
            {
              "name": "35894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35894"
            },
            {
              "name": "ADV-2009-1977",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1977"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4688",
    "datePublished": "2010-03-10T22:00:00.000Z",
    "dateReserved": "2010-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:11:14.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4689 (GCVE-0-2009-4689)

Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2024-09-16 22:41
VLAI?
Summary
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:38.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
          },
          {
            "name": "35894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35894"
          },
          {
            "name": "ADV-2009-1977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1977"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-03-10T22:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
        },
        {
          "name": "35894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35894"
        },
        {
          "name": "ADV-2009-1977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1977"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4689",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
            },
            {
              "name": "35894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35894"
            },
            {
              "name": "ADV-2009-1977",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1977"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4689",
    "datePublished": "2010-03-10T22:00:00.000Z",
    "dateReserved": "2010-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:41:23.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4691 (GCVE-0-2009-4691)

Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2024-09-16 20:32
VLAI?
Summary
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:38.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35904",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35904"
          },
          {
            "name": "ADV-2009-1980",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1980"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/linktrader-sqlxss.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-03-10T22:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35904",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35904"
        },
        {
          "name": "ADV-2009-1980",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1980"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/linktrader-sqlxss.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35904",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35904"
            },
            {
              "name": "ADV-2009-1980",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1980"
            },
            {
              "name": "http://packetstormsecurity.org/0907-exploits/linktrader-sqlxss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/linktrader-sqlxss.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4691",
    "datePublished": "2010-03-10T22:00:00.000Z",
    "dateReserved": "2010-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:32:46.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2589 (GCVE-0-2009-2589)

Vulnerability from cvelistv5 – Published: 2009-07-24 16:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/56170 vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2009/1978 vdb-entryx_refsource_VUPEN
http://packetstormsecurity.org/0907-exploits/huts… x_refsource_MISC
http://osvdb.org/56171 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://osvdb.org/56172 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/35893 third-party-advisoryx_refsource_SECUNIA
Date Public ?
2009-07-21 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56170",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56170"
          },
          {
            "name": "ADV-2009-1978",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1978"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
          },
          {
            "name": "56171",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56171"
          },
          {
            "name": "hutscripts-msg-xss(51912)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912"
          },
          {
            "name": "56172",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56172"
          },
          {
            "name": "35893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "56170",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56170"
        },
        {
          "name": "ADV-2009-1978",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1978"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
        },
        {
          "name": "56171",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56171"
        },
        {
          "name": "hutscripts-msg-xss(51912)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912"
        },
        {
          "name": "56172",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56172"
        },
        {
          "name": "35893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56170",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56170"
            },
            {
              "name": "ADV-2009-1978",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1978"
            },
            {
              "name": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
            },
            {
              "name": "56171",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56171"
            },
            {
              "name": "hutscripts-msg-xss(51912)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912"
            },
            {
              "name": "56172",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56172"
            },
            {
              "name": "35893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2589",
    "datePublished": "2009-07-24T16:00:00.000Z",
    "dateReserved": "2009-07-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:59:57.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2590 (GCVE-0-2009-2590)

Vulnerability from cvelistv5 – Published: 2009-07-24 16:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.vupen.com/english/advisories/2009/1978 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://packetstormsecurity.org/0907-exploits/huts… x_refsource_MISC
http://osvdb.org/56175 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/35893 third-party-advisoryx_refsource_SECUNIA
Date Public ?
2009-07-21 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:55.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1978",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1978"
          },
          {
            "name": "hutscripts-cid-sql-injection(51913)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51913"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
          },
          {
            "name": "56175",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56175"
          },
          {
            "name": "35893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-1978",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1978"
        },
        {
          "name": "hutscripts-cid-sql-injection(51913)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51913"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
        },
        {
          "name": "56175",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56175"
        },
        {
          "name": "35893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2590",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1978",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1978"
            },
            {
              "name": "hutscripts-cid-sql-injection(51913)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51913"
            },
            {
              "name": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
            },
            {
              "name": "56175",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56175"
            },
            {
              "name": "35893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2590",
    "datePublished": "2009-07-24T16:00:00.000Z",
    "dateReserved": "2009-07-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:59:55.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2588 (GCVE-0-2009-2588)

Vulnerability from cvelistv5 – Published: 2009-07-24 16:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://packetstormsecurity.org/0907-exploits/hots… x_refsource_MISC
http://www.vupen.com/english/advisories/2009/1979 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/35892 third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/56167 vdb-entryx_refsource_OSVDB
http://osvdb.org/56168 vdb-entryx_refsource_OSVDB
http://osvdb.org/56169 vdb-entryx_refsource_OSVDB
Date Public ?
2009-07-21 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:55.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt"
          },
          {
            "name": "ADV-2009-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1979"
          },
          {
            "name": "hotscriptsclone-msg-xss(51911)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51911"
          },
          {
            "name": "35892",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35892"
          },
          {
            "name": "56167",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56167"
          },
          {
            "name": "56168",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56168"
          },
          {
            "name": "56169",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56169"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt"
        },
        {
          "name": "ADV-2009-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1979"
        },
        {
          "name": "hotscriptsclone-msg-xss(51911)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51911"
        },
        {
          "name": "35892",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35892"
        },
        {
          "name": "56167",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56167"
        },
        {
          "name": "56168",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56168"
        },
        {
          "name": "56169",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56169"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt"
            },
            {
              "name": "ADV-2009-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1979"
            },
            {
              "name": "hotscriptsclone-msg-xss(51911)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51911"
            },
            {
              "name": "35892",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35892"
            },
            {
              "name": "56167",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56167"
            },
            {
              "name": "56168",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56168"
            },
            {
              "name": "56169",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56169"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2588",
    "datePublished": "2009-07-24T16:00:00.000Z",
    "dateReserved": "2009-07-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:59:55.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}