CVE-2009-4782

Theeta CMS - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/10290

View on exploitdb

References (3)

[Exploit] http://packetstormsecurity.org/0912-exploits/theeta-sqlxss.txt

[Vendor Advisory] http://secunia.com/advisories/37529

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/508148/100/0/threaded

Scores

EPSS 0.0119

EPSS Percentile 78.6%

Classification

CWE

CWE-79

Status published

Affected Products (3)

mntechsolutions/theeta_cms

mntechsolutions/theeta_cms

n/a/n/a

Timeline

Published Apr 21, 2010

Tracked Since Feb 18, 2026