CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3755

Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and (5) adminsettings.php in phpbms\modules\base\.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.exploit-db.com/exploits/9101
https://exchange.xforce.ibmcloud.com/vulnerabilities/51651
http://www.exploit-db.com/exploits/9101
https://exchange.xforce.ibmcloud.com/vulnerabilities/51651

Products affected by CVE-2009-3755

Kreotek » Phpbms » Version: 0.96

cpe:2.3:a:kreotek:phpbms:0.96

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3755

Products

Pricing

Contact Us