CVE-2009-0541

Magento 1.2.0/1.2.1.1 - Cross-Site Scripting via Login/Email/Downloader Parameters


Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-0541. PoCs published by Loukas Kalenderidis.

Exploit summary (AI-analyzed): the downloader PoC (exploit-db 32810) demonstrates a reflected XSS in Magento 1.2.0 by injecting a script tag into the 'return' parameter of the downloader endpoint. Because the value is written back into the page without output encoding, arbitrary JavaScript runs in the origin of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
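The three vectors above are all reflected XSS, so a practitioner checking an instance wants a repeatable test rather than a live `<script>` payload. The following is an added example for this page, not code from the original page, from the exploit-db entries, or from Magento: it builds one request per vector with an inert canary tag and classifies a response body by whether the canary comes back raw, HTML-encoded, or not at all. The base URL, the form field names `login[username]`, `login[password]` and `email` (the description only says "possibly related"), and the sample response bodies are assumptions constructed for the example.

```python
"""
Reflection check for the three CVE-2009-0541 XSS vectors.

Added example, not code from the page or from Magento. Field names
login[username] / login[password] / email and the sample responses are
assumptions; nothing here was captured from a real Magento install.
"""
import html
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlencode, urljoin
import urllib.request


@dataclass(frozen=True)
class Probe:
    name: str
    method: str
    url: str
    data: Optional[Dict[str, str]]  # POST form fields, None for GET


def make_canary() -> str:
    # An unknown tag with a random token: inert in a browser, but if it is
    # reflected raw the page is not encoding '<' and '>' for this input.
    return f"<xss{secrets.token_hex(4)}>"


def build_probes(base_url: str, canary: str) -> List[Probe]:
    """Three requests matching vectors (1), (2) and (3) in the description."""
    return [
        Probe("admin-login-username", "POST",
              urljoin(base_url, "index.php/admin/"),
              {"login[username]": canary, "login[password]": "x"}),
        Probe("admin-forgotpassword-email", "POST",
              urljoin(base_url, "index.php/admin/index/forgotpassword/"),
              {"email": canary}),
        Probe("downloader-return", "GET",
              urljoin(base_url, "downloader/") + "?" + urlencode({"return": canary}),
              None),
    ]


def classify(body: str, canary: str) -> str:
    """'vulnerable' if the canary is reflected unencoded, 'escaped' if only its
    HTML-encoded form appears, 'absent' if it is not reflected at all."""
    if canary in body:
        return "vulnerable"
    if html.escape(canary) in body:
        return "escaped"
    return "absent"


def assess(responses: Dict[str, str], canary: str) -> Dict[str, str]:
    """Map each probe name to its classification (captured or constructed bodies)."""
    return {name: classify(body, canary) for name, body in responses.items()}


def send(probe: Probe, timeout: float = 10.0) -> str:
    """Issue one probe against a live target; not called in the offline run."""
    data = urlencode(probe.data).encode() if probe.data is not None else None
    req = urllib.request.Request(probe.url, data=data, method=probe.method)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample bodies (assumption, not real Magento output): the first
# and third reflect the canary raw; the second shows an encoded reflection.
CANARY = "<xss0badc0de>"
SAMPLE_RESPONSES = {
    "admin-login-username":
        '<li class="error-msg">Invalid User Name or Password: ' + CANARY + '</li>',
    "admin-forgotpassword-email":
        '<input type="text" name="email" value="' + html.escape(CANARY) + '" />',
    "downloader-return":
        '<a href="' + CANARY + '">Return</a>',
}

if __name__ == "__main__":
    for probe in build_probes("http://shop.example/", CANARY):
        print(probe.method, probe.url, probe.data)
    for name, verdict in assess(SAMPLE_RESPONSES, CANARY).items():
        print(f"{name}: {verdict}")
```

Against a live instance, replace the constructed bodies with `send(probe)` for each probe and feed the results to `assess`. The canary deliberately contains no quote character, so this detects missing encoding of `<` and `>` in element content or injected tags; to test breakout from inside an attribute value (the `value="..."` case), use a second canary that starts with `"` and check for it raw in the same way. The durable fix is the same for all three vectors: HTML-encode the reflected value at output time (in PHP, `htmlspecialchars` with quotes enabled) rather than trying to filter the input.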

Exploits (3)

exploitdb WORKING POC VERIFIED
by Loukas Kalenderidis · text · webapps · php
https://www.exploit-db.com/exploits/32810

This exploit demonstrates a reflected XSS vulnerability in Magento 1.2.0 by injecting a script tag into the 'return' parameter of the downloader endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Classification: Working PoC (90%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Magento 1.2.0
Authentication: none needed
Prerequisites: Access to the target Magento instance
Analyzed by devstral-2 · Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Loukas Kalenderidis · text · webapps · php
https://www.exploit-db.com/exploits/32809

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Magento 1.2.0 by injecting malicious JavaScript code into the 'Email address' field of the forgot password page. The lack of input sanitization allows arbitrary script execution in the context of the affected site.

Classification: Working PoC (90%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Magento 1.2.0
Authentication: none needed
Prerequisites: Access to the Magento admin forgot password page
Analyzed by devstral-2 · Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Loukas Kalenderidis · text · webapps · php
https://www.exploit-db.com/exploits/32808

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Magento's admin login page by injecting a script tag into the username field. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Classification: Working PoC (90%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Magento 1.2.0
Authentication: none needed
Prerequisites: Access to the Magento admin login page
Analyzed by devstral-2 · Feb 16, 2026

References (7)

Exploit, VDB entry (SecurityFocus BID): http://www.securityfocus.com/bid/33872
Third-party advisory, VDB entry (SecurityTracker): http://securitytracker.com/id?1021746
Third-party advisory, VDB entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/48876
Third-party advisory, VDB entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/48877
Third-party advisory, VDB entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/48878
Vendor advisory, third-party advisory (Secunia): http://secunia.com/advisories/34000

Scores

EPSS 0.0181
EPSS Percentile 75.8%

Details

CWE
CWE-79
Status published
Products (2)
magentocommerc/magento 1.2.0
magentocommerc/magento 1.2.1.1
Published Feb 25, 2009
Tracked Since Feb 18, 2026