CVE-2009-0573
FotoWeb 6.0 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Stelios Tigkas · textwebappsphp
https://www.exploit-db.com/exploits/32783
exploitdb
WORKING POC
VERIFIED
by Stelios Tigkas · textwebappsphp
https://www.exploit-db.com/exploits/32782
Scores
EPSS
0.0068
EPSS Percentile
71.3%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
fotoware/fotoweb
n/a/n/a
Timeline
Published
Feb 13, 2009
Tracked Since
Feb 18, 2026