CVE-2009-2114

SkyBlueCanvas 1.1 r237 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MaXe · textwebappsphp

https://www.exploit-db.com/exploits/34874

View Code ZIP pw:eip

References (5)

[Exploit] http://forum.intern0t.net/intern0t-advisories/1120-intern0t-skybluecanvas-1-1-r237-multiple-vulnerabilities.html

[Exploit] http://osvdb.org/55115

[Vendor Advisory] http://secunia.com/advisories/35478

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51165

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/504302/100/0/threaded

Scores

EPSS 0.0114

EPSS Percentile 78.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

skybluecanvas/skybluecanvas

n/a/n/a

Timeline

Published Jun 18, 2009

Tracked Since Feb 18, 2026