CVE-2009-4567

Viscacha 0.8 Gold - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · textwebappsphp

https://www.exploit-db.com/exploits/10354

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.org/0912-exploits/viscacha-xss.txt

[Vendor Advisory] http://secunia.com/advisories/37608

[Exploit] http://www.exploit-db.com/exploits/10354

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54614

Scores

EPSS 0.0018

EPSS Percentile 39.9%

Classification

CWE

CWE-79

Status published

Affected Products (2)

viscacha/viscacha

n/a/n/a

Timeline

Published Jan 05, 2010

Tracked Since Feb 18, 2026