CVE-2009-3512

Phplemon Myweight - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/34742

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/34741

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/34740

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/55998

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35919

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/55999

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/55997

Exploit x_refsource_misc

http://packetstormsecurity.org/0907-exploits/myweight-xss.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51861

Scores

EPSS 0.0104

EPSS Percentile 77.5%

Details

CWE

CWE-79

Status published

Products (1)

phplemon/myweight 1.0

Published Oct 01, 2009

Tracked Since Feb 18, 2026