CVE-2009-3450

Radactive I-load < 2008.r2 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.

References (6)

[Patch] http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339

[Vendor Advisory] http://secunia.com/advisories/23807

[Patch] http://www.osvdb.org/58195

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53348

[Various Sources] https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506555/100/0/threaded

Scores

EPSS 0.0053

EPSS Percentile 67.0%

Classification

CWE

CWE-79

Status published

Affected Products (48)

radactive/i-load < 2008.r2

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

radactive/i-load

... and 33 more

Timeline

Published Sep 29, 2009

Tracked Since Feb 18, 2026