CVE-2009-0541

Magento 1.2.0-1.2.1.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Loukas Kalenderidis · textwebappsphp

https://www.exploit-db.com/exploits/32810

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Loukas Kalenderidis · textwebappsphp

https://www.exploit-db.com/exploits/32808

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Loukas Kalenderidis · textwebappsphp

https://www.exploit-db.com/exploits/32809

View Code ZIP pw:eip

References (7)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0257.html

[Vendor Advisory] http://secunia.com/advisories/34000

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1021746

[Exploit] http://www.securityfocus.com/bid/33872

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48876

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48877

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48878

Scores

EPSS 0.0066

EPSS Percentile 70.8%

Classification

CWE

CWE-79

Status published

Affected Products (3)

magentocommerc/magento

magentocommerc/magento

n/a/n/a

Timeline

Published Feb 25, 2009

Tracked Since Feb 18, 2026