CVE-2009-2131

4images <1.7.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qabandi · textwebappsphp

https://www.exploit-db.com/exploits/8936

View Code ZIP pw:eip

References (7)

[Patch] http://osvdb.org/55092

[Vendor Advisory] http://secunia.com/advisories/35427

[Patch, Vendor Advisory] http://www.4homepages.de/forum/index.php?topic=15186.0

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/1582

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51090

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35342

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8936

Scores

EPSS 0.0129

EPSS Percentile 79.5%

Classification

CWE

CWE-79

Status published

Affected Products (14)

4homepages/4images < 1.7.7

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

4homepages/4images

n/a/n/a

Timeline

Published Jun 19, 2009

Tracked Since Feb 18, 2026