CVE-2009-4497

LXR Cross Referencer 0.9.5 and 0.9.6 - Cross-Site Scripting via Ident Program i Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4497. PoCs published by Dan Rosenberg.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in LXR Cross Referencer versions 0.9.5 and 0.9.6. It includes a proof-of-concept URL demonstrating the vulnerability but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dan Rosenberg · text · webapps · php
https://www.exploit-db.com/exploits/33469

Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: LXR Cross Referencer 0.9.5, 0.9.6
No auth needed
Prerequisites: Access to the vulnerable LXR Cross Referencer instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38117

Scores

EPSS 0.0322
EPSS Percentile 86.6%

Details

CWE CWE-79
Status published
Products (2)
malcom_box/lxr_cross_referencer 0.9.5
malcom_box/lxr_cross_referencer 0.9.6
Published Jan 07, 2010
Tracked Since Feb 18, 2026