Description
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Steve Kemp · textwebappsphp
https://www.exploit-db.com/exploits/33219
References (10)
Core 10
Core References
Patch mailing-list
x_refsource_mlist
http://lists.planetplanet.org/archives/devel/2009-September/001999.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36636
Patch x_refsource_confirm
http://intertwingly.net/blog/2009/09/09/Venus-Updates
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00525.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00504.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36766
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=522802
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36392
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546179
Scores
EPSS
0.0262
EPSS Percentile
85.8%
Details
CWE
CWE-79
Status
published
Products (2)
intertwingly/planet
2.0
intertwingly/planet_venus
Published
Sep 18, 2009
Tracked Since
Feb 18, 2026