CVE-2009-4547

ViArt CMS 3.x - Cross-Site Scripting via category_id or forum_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-4547. PoCs published by Moudi.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in ViArt CMS by injecting malicious JavaScript code via the 'forum_id' parameter in the URL. The payload bypasses basic sanitization using obfuscation techniques like mixed case and URL encoding.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/33158

This exploit demonstrates a reflected XSS vulnerability in ViArt CMS by injecting malicious JavaScript code via the 'forum_id' parameter in the URL. The payload bypasses basic sanitization using obfuscation techniques like mixed case and URL encoding.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ViArt CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable ViArt CMS forum_topic_new.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/33155

This exploit demonstrates a reflected XSS vulnerability in ViArt CMS by injecting malicious JavaScript via the 'category_id' parameter in the forums.php page. The payload uses URL encoding and case obfuscation to bypass basic filters.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ViArt CMS (version not specified)
No auth needed
Prerequisites: Access to the forums.php page with the 'category_id' parameter
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/33157

This exploit demonstrates a reflected XSS vulnerability in ViArt CMS by injecting malicious JavaScript via the 'forum_id' parameter. The payload bypasses basic sanitization using URL encoding and case variation.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ViArt CMS (version not specified)
No auth needed
Prerequisites: Access to a vulnerable ViArt CMS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52371
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36003
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56883
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36241
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56884
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56885

Scores

EPSS 0.0185
EPSS Percentile 76.3%

Details

CWE
CWE-79
Status published
Products (1)
viart/viart_cms 3.3.2
Published Jan 04, 2010
Tracked Since Feb 18, 2026