CVE-2009-0417

Agavi <0.11.6-1.0.0 beta 8 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.

References (4)

Scores

EPSS 0.0031
EPSS Percentile 53.8%

Classification

CWE
CWE-79
Status published

Affected Products (33)

agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
agavi/agavi
... and 18 more

Timeline

Published Feb 10, 2009
Tracked Since Feb 18, 2026