CVE-2009-4384

Scriptsez Ez Poll Hoster - Cross-Site Scripting via pid or uid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4384. PoCs published by Milos Zivanovic.

AI-analyzed exploit summary This exploit demonstrates multiple XSS and XSRF vulnerabilities in Ez Poll Hoster, including proof-of-concept URLs and a form-based exploit for sending arbitrary emails to all users. The vulnerabilities allow for cross-site scripting and cross-site request forgery attacks.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Milos Zivanovic · textwebappsphp
https://www.exploit-db.com/exploits/10439

This exploit demonstrates multiple XSS and XSRF vulnerabilities in Ez Poll Hoster, including proof-of-concept URLs and a form-based exploit for sending arbitrary emails to all users. The vulnerabilities allow for cross-site scripting and cross-site request forgery attacks.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Ez Poll Hoster (version not specified)
No auth needed
Prerequisites: Access to the target application · User interaction for XSS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3529
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37716
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10439

Scores

EPSS 0.0148
EPSS Percentile 70.6%

Details

CWE
CWE-79
Status published
Products (1)
scriptsez/ez_poll_hoster
Published Dec 22, 2009
Tracked Since Feb 18, 2026