FKIE_CVE-2009-0736

Vulnerability from fkie_nvd - Published: 2009-02-25 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://secunia.com/advisories/33888Vendor Advisory
cve@mitre.orghttp://sourceforge.net/forum/forum.php?forum_id=917656Patch, Vendor Advisory
cve@mitre.orghttp://sourceforge.net/project/shownotes.php?release_id=660130Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/33733
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33888Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/forum/forum.php?forum_id=917656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?release_id=660130Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33733
Impacted products
Vendor Product Version
simon_brown pebble *
simon_brown pebble 1.0
simon_brown pebble 1.1
simon_brown pebble 1.2
simon_brown pebble 1.3
simon_brown pebble 1.4
simon_brown pebble 1.4
simon_brown pebble 1.4
simon_brown pebble 1.4
simon_brown pebble 1.4.1
simon_brown pebble 1.4.1_01
simon_brown pebble 1.4.2
simon_brown pebble 1.4.2_01
simon_brown pebble 1.5
simon_brown pebble 1.5
simon_brown pebble 1.5
simon_brown pebble 1.5
simon_brown pebble 1.5.1
simon_brown pebble 1.6
simon_brown pebble 1.6
simon_brown pebble 1.6
simon_brown pebble 1.6
simon_brown pebble 1.6.1
simon_brown pebble 1.7
simon_brown pebble 1.7
simon_brown pebble 1.7.1
simon_brown pebble 1.7.2
simon_brown pebble 1.8
simon_brown pebble 1.9
simon_brown pebble 2.0
simon_brown pebble 2.0.0
simon_brown pebble 2.0.0
simon_brown pebble 2.0.0
simon_brown pebble 2.0.0
simon_brown pebble 2.0.0
simon_brown pebble 2.0.1
simon_brown pebble 2.1
simon_brown pebble 2.1
simon_brown pebble 2.2
simon_brown pebble 2.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0723613E-3F87-4242-8F04-2DBD85ACA1B0",
              "versionEndIncluding": "2.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FFAC21-8B75-4475-8277-A1249E615AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA0EF40-566D-432D-8C7F-E885821C5575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B12E869-D280-4CA4-AE6E-CD01EAA4D447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0582F1CE-E583-4343-9A85-E776E417E33C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C41588C-1E82-442A-B004-F2C9B13D0DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E7FE34-D6DE-4DAD-BC97-7DECDFC3E031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F033DCBC-5172-4947-8976-CF1A72D7878C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "FCFA081E-120E-4978-A334-AE86F1FCA9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E419C8-6636-4516-93F5-0CFAD815D26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4.1_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA04F73-B0B4-4A26-8EC2-8EFF33AF8A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "190A5C14-0B67-416E-B487-1CB385928525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.4.2_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "56FEC064-05CC-4B5D-94E1-4E840D3CFA74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D64F1AA-50B1-421C-934D-86345B3D0C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1A223112-0903-4CF8-A124-39785082BE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2EF89C39-A8F1-4D34-B272-DA2ACEBEC1DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.5:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "4A5963C4-D407-4566-9A35-E90D3875A471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "541B8041-66D6-44B0-B811-C0F9DB68DDF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "42197A2A-72EE-4E0F-ADB4-840D71E93F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.6:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F50D96E4-E32F-459C-B7B9-F9113B247022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.6:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "556DDA3C-830A-4C52-BACB-23FE113EB37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.6:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "D7BEF5C4-8DD7-4836-A21C-2AAB6A91215B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB5AF94-92D2-468A-9120-F32B276C396C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7FBA912-9E01-4A84-9FFF-3B2D7393DA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "92207B85-9E88-4A57-8482-9A83671A7FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D30AE47-A277-4B77-B6C9-F7C2E1C79121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC29E29D-1915-4598-893B-BAC7404D98B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2552728-7A9D-441E-B344-D81C4A43BEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A104C8DD-CB3A-4F2E-A78E-37E49C1633F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D056297D-1E4C-4E90-ACE2-9200B5C89CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "A45BD51A-3ADC-4271-BF9B-086408885EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "B58B20D5-5E49-4121-9A9C-99E8AADD3F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "8AFACAD5-2985-45DD-8163-8B409F5A9DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "428B2B9C-D5DA-45D7-9E04-798958DAC087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5961A84D-6AC1-40CC-84C2-2B3EF989C92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D359FF9-A9E0-45DB-BA30-7668A25DD624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54C9C979-7C00-456B-B34B-D9E83CE9BD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AE37BA4F-DF8F-4A17-8C07-51B00DF3598C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2050DE2-8712-4056-B611-D17A0E578B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:simon_brown:pebble:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31927AAE-4A13-4F6A-8D08-57CF3670D560",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n  de secuencias de comandos en sitios cruzados en Pebble anterior a v2.3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-0736",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-25T20:30:02.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33888"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=917656"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=660130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=917656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=660130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33733"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.