Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-2302
Last Modified 11 Nov 2010 01:39:16
Published 02 Jul 2009 06:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2302

Summary

Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also affected.

Vulnerable Systems

Application

  • Avatic Aardvark Topsites Php 4.0.2

  • Avatic Aardvark Topsites Php 4.1.1

  • Avatic Aardvark Topsites Php 4.2.2

  • Avatic Aardvark Topsites Php 5

  • Avatic Aardvark Topsites Php 5.0.3

  • Avatic Aardvark Topsites Php 5.1.2

  • Avatic Aardvark Topsites Php 5.2.0


References

XF - aardvarktopsitesphp-index-xss(51391)

BID - 35506

BUGTRAQ - 20101024 Aardvark Topsite XSS vulnerability

BUGTRAQ - 20090625 Report vulnerabilities

MISC - http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/

SECUNIA - 41985


Last Updated: 27 May 2016 10:50:51