Vulnerability Details CVE-2009-4347
Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.org/0912-exploits/daloradius-xss.txt
- http://secunia.com/advisories/37751
- http://www.securityfocus.com/archive/1/508473/100/0/threaded
- http://packetstormsecurity.org/0912-exploits/daloradius-xss.txt
- http://secunia.com/advisories/37751
- http://www.securityfocus.com/archive/1/508473/100/0/threaded
Products affected by CVE-2009-4347
-
cpe:2.3:a:liran_tal:daloradius:*
-
cpe:2.3:a:liran_tal:daloradius:0.7
-
cpe:2.3:a:liran_tal:daloradius:0.8
-
cpe:2.3:a:liran_tal:daloradius:0.9
-
cpe:2.3:a:liran_tal:daloradius:0.9-1
-
cpe:2.3:a:liran_tal:daloradius:0.9-2
-
cpe:2.3:a:liran_tal:daloradius:0.9-3
-
cpe:2.3:a:liran_tal:daloradius:0.9-4
-
cpe:2.3:a:liran_tal:daloradius:0.9-5
-
cpe:2.3:a:liran_tal:daloradius:0.9-6
-
cpe:2.3:a:liran_tal:daloradius:0.9-7