CVE-2009-4567

Viscacha 0.8 Gold - Authenticated Cross-Site Scripting via Profile Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4567. PoCs published by mr_me.

AI-analyzed exploit summary

This exploit demonstrates a persistent XSS vulnerability in Viscacha 0.8 Gold, where a user can inject malicious JavaScript into their profile's instant messenger field. When an admin views the profile, the script executes in the admin's browser context, potentially stealing cookies.

Description

Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by mr_me · text · webapps · php
https://www.exploit-db.com/exploits/10354

Classification
Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Viscacha 0.8 Gold
Auth required
Prerequisites: User account on the target Viscacha board · Admin interaction required
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10354
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54614
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37608

Scores

EPSS 0.0125
EPSS Percentile 65.5%

Details

CWE: CWE-79
Status: published
Products (1)
viscacha/viscacha 0.8 gold
Published Jan 05, 2010
Tracked Since Feb 18, 2026