CVE-2009-4542

IsolSoft Support Center 2.5 - Cross-Site Scripting via lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4542. PoCs published by Moudi.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities (XSS, LFI, RFI) in IsolSoft Support Center 2.5 by manipulating the 'lang' parameter in various PHP scripts. The PoC includes clear examples of exploit URLs for each vulnerability type.

Description

Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/9397

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities (XSS, LFI, RFI) in IsolSoft Support Center 2.5 by manipulating the 'lang' parameter in various PHP scripts. The PoC includes clear examples of exploit URLs for each vulnerability type.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: IsolSoft Support Center 2.5

No auth needed

Prerequisites: Network access to the target application · Vulnerable version of IsolSoft Support Center

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35997

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9397

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/52351

Scores

EPSS 0.0301

EPSS Percentile 85.7%

Details

CWE

CWE-79

Status published

Products (1)

isolsoft/support_center 2.5

Published Jan 04, 2010

Tracked Since Feb 18, 2026