CVE-2009-1408

Webspell - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Exploits (1)

exploitdb WORKING POC VERIFIED

by YEnH4ckEr · textwebappsphp

https://www.exploit-db.com/exploits/8453

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/34764

[Exploit, Patch] http://www.securityfocus.com/bid/34595

[Patch, Vendor Advisory] http://www.webspell.org/index.php?site=files&file=25

[Patch, Vendor Advisory] http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49937

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/502732/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8453

[Third Party Advisory, VDB Entry] http://osvdb.org/53782

Scores

EPSS 0.0920

EPSS Percentile 92.6%

Classification

CWE

CWE-79

Status published

Affected Products (2)

webspell/webspell

n/a/n/a

Timeline

Published Apr 24, 2009

Tracked Since Feb 18, 2026