CVE-2009-2937

Intertwingly Planet - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Steve Kemp · textwebappsphp

https://www.exploit-db.com/exploits/33219

View Code ZIP pw:eip

References (10)

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546179

[Patch] http://intertwingly.net/blog/2009/09/09/Venus-Updates

[Patch] http://lists.planetplanet.org/archives/devel/2009-September/001999.html

[Vendor Advisory] http://secunia.com/advisories/36636

[Vendor Advisory] http://secunia.com/advisories/36766

[Exploit] http://www.securityfocus.com/bid/36392

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=522802

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00504.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00525.html

Scores

EPSS 0.0262

EPSS Percentile 85.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

intertwingly/planet

intertwingly/planet_venus

n/a/n/a

Timeline

Published Sep 18, 2009

Tracked Since Feb 18, 2026