Description
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gerendi Sandor Attila · text · webapps · php
https://www.exploit-db.com/exploits/33013
References (4)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35234
Patch, Vendor Advisory x_refsource_confirm
http://lussumo.com/community/discussion/9524/vanilla-118-released/#Item_0
Exploit x_refsource_misc
http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503847/100/0/threaded
Scores
EPSS
0.0096
EPSS Percentile
76.5%
Details
CWE
CWE-79
Status
published
Products (2)
lussumo/vanilla
1.1.5
lussumo/vanilla
1.1.7
Published
Jun 01, 2009
Tracked Since
Feb 18, 2026