CVE-2009-4984

Websitesrus Accessories ME Php Affiliate Script - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/9370

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/36148

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9370

Scores

EPSS 0.0023

EPSS Percentile 45.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

websitesrus/accessories_me_php_affiliate_script

Timeline

Published Aug 25, 2010

Tracked Since Feb 18, 2026