CVE-2009-3858

GejoSoft - Cross-Site Scripting via PATH_INFO to photos/tags

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3858. PoCs published by Moudi.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in GejoSoft Image Hosting Community by injecting arbitrary JavaScript via the URL path. The PoC triggers an alert dialog by embedding malicious script code in the 'tags' parameter.

Description

Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/34738

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in GejoSoft Image Hosting Community by injecting arbitrary JavaScript via the URL path. The PoC triggers an alert dialog by embedding malicious script code in the 'tags' parameter.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GejoSoft Image Hosting Community

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35921

Exploit x_refsource_misc

http://packetstormsecurity.org/0907-exploits/gejosoft-xss.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/56061

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51879

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1968

Scores

EPSS 0.0154

EPSS Percentile 71.7%

Details

CWE

CWE-79

Status published

Products (1)

gejosoft/gejosoft

Published Nov 04, 2009

Tracked Since Feb 18, 2026