CVE-2009-3225

Almondsoft Almond Classifieds - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33117
exploitdb WORKING POC VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33116

Scores

EPSS 0.0080
EPSS Percentile 73.9%

Classification

CWE
CWE-79
Status published

Affected Products (3)

almondsoft/almond_classifieds
almondsoft/almond_classifieds
n/a/n/a

Timeline

Published Sep 16, 2009
Tracked Since Feb 18, 2026