CVE-2009-2882

Datingpro Matchmaking - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33109

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33108

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33107

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/33106

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36004

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35808

Exploit x_refsource_misc

http://packetstormsecurity.org/0907-exploits/pgmatchmaking-xss.txt

Scores

EPSS 0.0022

EPSS Percentile 44.5%

Details

CWE

CWE-79

Status published

Products (1)

datingpro/matchmaking

Published Aug 20, 2009

Tracked Since Feb 18, 2026