Vulnerability Details CVE-2009-1845
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html
- http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0
- http://secunia.com/advisories/35234
- http://www.securityfocus.com/archive/1/503847/100/0/threaded
- http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html
- http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0
- http://secunia.com/advisories/35234
- http://www.securityfocus.com/archive/1/503847/100/0/threaded