CVE-2009-2930

Elkagroup Elkapax Cms - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Search feature in elka CMS (aka Elkapax) allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Isfahan · textwebappsphp
https://www.exploit-db.com/exploits/34616

References (1)

Scores

EPSS 0.0016
EPSS Percentile 37.2%

Classification

CWE
CWE-79
Status published

Affected Products (2)

elkagroup/elkapax_cms
n/a/n/a

Timeline

Published Aug 21, 2009
Tracked Since Feb 18, 2026