Description
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/5797
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5797
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29700
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43066
Scores
EPSS
0.0246
EPSS Percentile
85.3%
Details
CWE
CWE-79
Status
published
Products (1)
butterflymedia/butterfly_organizer
2.0.0
Published
Apr 10, 2009
Tracked Since
Feb 18, 2026