3.5

CVE-2009-2131

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

Data is provided by the National Vulnerability Database (NVD)
4homepages4images Version <= 1.7.7
4homepages4images Version1.0 Updaterc-1
4homepages4images Version1.0 Updaterc-2
4homepages4images Version1.5
4homepages4images Version1.6
4homepages4images Version1.6.1
4homepages4images Version1.7
4homepages4images Version1.7.1
4homepages4images Version1.7.2
4homepages4images Version1.7.3
4homepages4images Version1.7.4
4homepages4images Version1.7.5
4homepages4images Version1.7.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.02% 0.751
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.