CVE-2009-4786

Pligg <1.0.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.

References (3)

[Various Sources] http://holisticinfosec.org/content/view/130/45/

[Vendor Advisory] http://secunia.com/advisories/37349

[Patch, Vendor Advisory] http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/

Scores

EPSS 0.0032

EPSS Percentile 54.9%

Classification

CWE

CWE-79

Status published

Affected Products (15)

pligg/pligg_cms < 1.0.2

pligg/pligg_cms

n/a/n/a

Timeline

Published Apr 21, 2010

Tracked Since Feb 18, 2026