CVE-2009-4364

ScriptsEz Ez Blog - Cross-Site Scripting via cname Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4364.

AI-analyzed exploit summary The exploit demonstrates multiple CSRF vulnerabilities in Ez Cart 1.0, allowing actions such as deleting items, members, or categories, changing admin credentials, and sending emails to all members via crafted HTML forms.

Description

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (2)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/10461

The exploit demonstrates multiple CSRF vulnerabilities in Ez Cart 1.0, allowing actions such as deleting items, members, or categories, changing admin credentials, and sending emails to all members via crafted HTML forms.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Ez Cart 1.0
No auth needed
Prerequisites: Victim must be authenticated as an admin and visit a malicious page hosting the exploit forms
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/10458

The exploit demonstrates multiple XSS and XSRF vulnerabilities in Ez Blog 1.0. It includes functional PoC code for front-end XSS and admin panel actions like adding blogs, approving comments, changing admin info, and deleting blogs.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Ez Blog 1.0
Auth required
Prerequisites: Access to the admin panel for XSRF exploits · User interaction for XSS
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/61113
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54896
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37743

Scores

EPSS 0.0147
EPSS Percentile 70.4%

Details

CWE
CWE-79
Status published
Products (1)
scriptsez/ez_blog
Published Dec 21, 2009
Tracked Since Feb 18, 2026