CVE-2009-3225

Almondsoft Almond Classifieds - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33116
exploitdb WORKING POC VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33117

References (3)

Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36003
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35816

Scores

EPSS 0.0208
EPSS Percentile 84.1%

Details

CWE
CWE-79
Status published
Products (1)
almondsoft/almond_classifieds (2 CPE variants)
Published Sep 16, 2009
Tracked Since Feb 18, 2026