CVE-2009-4382

phpfaber Content Management System - Cross-Site Scripting via mod Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4382. PoCs published by bi0.

AI-analyzed exploit summary The provided code is a writeup describing a cross-site scripting (XSS) vulnerability in phpFaber CMS. It explains the issue and provides an example URL to demonstrate the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by bi0 · textwebappsphp

https://www.exploit-db.com/exploits/33404

View Code ZIP pw:eip

The provided code is a writeup describing a cross-site scripting (XSS) vulnerability in phpFaber CMS. It explains the issue and provides an example URL to demonstrate the vulnerability.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: phpFaber CMS

No auth needed

Prerequisites: Access to a vulnerable phpFaber CMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0912-exploits/phpfabercms-xss.txt

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3526

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37329

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10443

Scores

EPSS 0.0145

EPSS Percentile 70.0%

Details

CWE

CWE-79

Status published

Products (1)

phpfaber/phpfaber_content_management_system 1.3.36

Published Dec 22, 2009

Tracked Since Feb 18, 2026