CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4926

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.2%

CVSS Severity

CVSS v2 Score 4.3

References

http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt
http://secunia.com/advisories/34826
http://www.securityfocus.com/bid/34626
http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt
http://secunia.com/advisories/34826
http://www.securityfocus.com/bid/34626

Products affected by CVE-2009-4926

Esoftpro » Online Contact Manager » Version: 3.0

cpe:2.3:a:esoftpro:online_contact_manager:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4926

Products

Pricing

Contact Us