CVE-2009-2937

Published: 18/09/2009 Updated: 18/09/2009
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote malicious users to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

Vulnerable Product

intertwingly planet 2.0

intertwingly planet venus

Vendor Advisories

Debian Bug report logs - #546178 planet: [CVE-2009-2937] - Insufficient escaping of input feeds. Package: planet; Maintainer for planet is (unknown); Reported by: Steve Kemp <skx@debian.org>; Date: Fri, 11 Sep 2009 12:39:02 UTC; Severity: grave; Tags: security; Fixed in version 20-16+rm; Done: Sandro Tosi <morph@debian.org ...

Exploits

source: www.securityfocus.com/bid/36392/info. Planet is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected website, potentially allowing the attacker t ...