CVE-2009-2145

transLucid 1.75 - Cross-Site Scripting via NodeID and Action Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2145. PoCs published by intern0t.

AI-analyzed exploit summary This is a vulnerability advisory detailing XSS and HTML injection flaws in transLucid 1.75. It provides proof-of-concept URLs demonstrating the vulnerabilities but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by intern0t · textwebappsphp
https://www.exploit-db.com/exploits/8943

This is a vulnerability advisory detailing XSS and HTML injection flaws in transLucid 1.75. It provides proof-of-concept URLs demonstrating the vulnerabilities but does not include executable exploit code.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: transLucid 1.75
No auth needed
Prerequisites: Target application running transLucid 1.75 with public mode enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8943
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35389

Scores

EPSS 0.0156
EPSS Percentile 72.0%

Details

CWE
CWE-79
Status published
Products (1)
pantha/translucid 1.75
Published Jun 22, 2009
Tracked Since Feb 18, 2026