CVE-2009-2937
Planet and Planet Venus - Cross-Site Scripting via IMG SRC Attribute
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2937. PoCs published by Steve Kemp.
AI-analyzed exploit summary: The exploit demonstrates an HTML injection vulnerability in Planet 2.0, where user-supplied input is not properly sanitized, allowing arbitrary HTML and script code execution in the context of the affected website.
Description
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.
Exploits (1)
The exploit demonstrates an HTML injection vulnerability in Planet 2.0, where user-supplied input is not properly sanitized, allowing arbitrary HTML and script code execution in the context of the affected website.