Description
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by MustLive · text · webapps · php
https://www.exploit-db.com/exploits/33371
References (16)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508606/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt
Various Sources x_refsource_misc
http://websecurity.com.ua/3789/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55156
Exploit x_refsource_misc
http://websecurity.com.ua/3665/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508833/100/0/threaded
Various Sources x_refsource_misc
http://websecurity.com.ua/3801/
Various Sources x_refsource_misc
http://websecurity.com.ua/3839/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508071/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37483
Vendor Advisory x_refsource_confirm
http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3322
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38161
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37100
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54397
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37479
Scores
EPSS
0.0520
EPSS Percentile
90.0%
Details
CWE
CWE-79
Status
published
Products (19)
roytanck/wp-cumulus
1.00
roytanck/wp-cumulus
1.01
roytanck/wp-cumulus
1.02
roytanck/wp-cumulus
1.2.1
roytanck/wp-cumulus
1.03
roytanck/wp-cumulus
1.04
roytanck/wp-cumulus
1.05
roytanck/wp-cumulus
1.10
roytanck/wp-cumulus
1.11
roytanck/wp-cumulus
1.12
... and 9 more
Published
Dec 02, 2009
Tracked Since
Feb 18, 2026