CVE-2009-0455
glFusion <1.1.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Bjarne Mathiesen Schacht · textwebappsphp
https://www.exploit-db.com/exploits/32784
References (5)
Scores
EPSS
0.0120
EPSS Percentile
78.7%
Classification
CWE
CWE-79
Status
published
Affected Products (3)
glfusion/glfusion
< 1.1.1
glfusion/glfusion
n/a/n/a
Timeline
Published
Feb 11, 2009
Tracked Since
Feb 18, 2026