CVE-2009-0699
Plunet BusinessManager <4.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Matteo Ignaccolo · textwebappsjsp
https://www.exploit-db.com/exploits/32708
References (5)
Scores
EPSS
0.0034
EPSS Percentile
56.7%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
plunet/business_manager
< 4.1
n/a/n/a
Timeline
Published
Feb 23, 2009
Tracked Since
Feb 18, 2026