CVE-2009-2780

68 Classifieds 4.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.

Exploits (6)

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33197

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33201

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33198

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33199

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33200

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33202

View Code ZIP pw:eip

References (9)

[Exploit] http://packetstormsecurity.org/0907-exploits/68classifieds-xss.txt

[Vendor Advisory] http://secunia.com/advisories/36034

[Exploit] http://www.osvdb.org/56564

[Exploit] http://www.osvdb.org/56565

[Exploit] http://www.osvdb.org/56566

[Exploit] http://www.osvdb.org/56567

[Exploit] http://www.osvdb.org/56568

[Exploit] http://www.osvdb.org/56569

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52071

Scores

EPSS 0.0276

EPSS Percentile 85.8%

Classification

CWE

CWE-79

Status published

Affected Products (2)

68_classifieds/68_classifieds

n/a/n/a

Timeline

Published Aug 17, 2009

Tracked Since Feb 18, 2026