Published: 16/09/2009 Updated: 17/09/2009

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote malicious users to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
almondsoft almond classifieds

source: wwwsecurityfocuscom/bid/35816/info AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise ...

source: wwwsecurityfocuscom/bid/35816/info AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromis ...

CWE-79 http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt http://www.securityfocus.com/bid/35816 http://secunia.com/advisories/36003 https://nvd.nist.gov https://www.exploit-db.com/exploits/33116/

CVE-2009-3225

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect