CVE-2009-4690

YourFreeWorld Programs Rating Script - XSS


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4690. PoCs published by Moudi.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in Programs Rating Script by injecting arbitrary JavaScript code via the 'id' parameter in the 'rate.php' file. The payload bypasses basic sanitization using obfuscation techniques like mixed case and URL encoding.

Description

Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.

Exploits (2)

Exploit 1: exploitdb (working PoC, verified)
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33097

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Programs Rating Script by injecting arbitrary JavaScript code via the 'id' parameter in the 'rate.php' file. The payload bypasses basic sanitization using obfuscation techniques like mixed case and URL encoding.

Classification: Working PoC (90%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Programs Rating Script (version unspecified)
Authentication: none needed
Prerequisites: Access to the vulnerable 'rate.php' endpoint
MITRE ATT&CK: none listed
Analysis: devstral-2 · analyzed Feb 16, 2026
Exploit 2: exploitdb (working PoC, verified)
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/33098

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Programs Rating Script by injecting arbitrary JavaScript via the 'id' parameter in postcomments.php. The payload uses basic obfuscation to bypass input filters.

Classification: Working PoC (90%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Programs Rating Script (version unspecified)
Authentication: none needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK: none listed
Analysis: devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry (osvdb): http://osvdb.org/56077
Third Party Advisory, VDB Entry (xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/51880
Vendor Advisory, third-party advisory (secunia): http://secunia.com/advisories/35918
Vendor Advisory, VDB Entry (vupen): http://www.vupen.com/english/advisories/2009/1967
Third Party Advisory, VDB Entry (osvdb): http://osvdb.org/56076
Third Party Advisory, VDB Entry (bid): http://www.securityfocus.com/bid/35746

Scores

EPSS: 0.0186
EPSS Percentile: 76.5%

Details

CWE: CWE-79
Status: published
Products (1): yourfreeworld/programs_rating_script
Published: Mar 10, 2010
Tracked Since: Feb 18, 2026