Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0404

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0404
Last Modified 10 Feb 2009 02:00:18
Published 03 Feb 2009 02:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0404

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.

Vulnerable Systems

Application

  • Bioinformatics Htmlawed 1.0

  • Bioinformatics Htmlawed 1.0.1

  • Bioinformatics Htmlawed 1.0.2

  • Bioinformatics Htmlawed 1.0.3

  • Bioinformatics Htmlawed 1.0.4

  • Bioinformatics Htmlawed 1.0.5

  • Bioinformatics Htmlawed 1.0.6

  • Bioinformatics Htmlawed 1.0.7

  • Bioinformatics Htmlawed 1.0.8

  • Bioinformatics Htmlawed 1.0.9

  • Bioinformatics Htmlawed 1.1

  • Bioinformatics Htmlawed 1.1.1

  • Bioinformatics Htmlawed 1.1.2

  • Bioinformatics Htmlawed 1.1.3


References

XF - htmlawed-unspecified-xss(48333)

BID - 33507

CONFIRM - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s4.3

CONFIRM - http://www.bioinformatics.org/phplabware/forum/viewtopic.php?id=85

SECUNIA - 33655

OSVDB - 51650

CONFIRM - http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293090

CONFIRM - http://freshmeat.net/projects/htmlawed/?branch_id=74760&release_id=293026


Last Updated: 27 May 2016 10:50:14