CVE

Id
39654  
CVE No.
CVE-2009-2219  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.  
Phase
Assigned (20090625)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
436107 39654 CVE-2009-2219 MILW0RM:9008  View
436108 39654 CVE-2009-2219 URL:http://www.milw0rm.com/exploits/9008  View
436109 39654 CVE-2009-2219 SECUNIA:35452  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
45102 JVNDB-2009-006109 LightOpenCMS の locms/smarty.php におけるディレクトリトラバーサルの脆弱性 LightOpenCMS の locms/smarty.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2009-2223 39654 9.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006109.html  View