CVE-2009-4991

Omnistar Recruiting - Cross-Site Scripting via job2 Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4991. PoCs published by MizoZ.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Omnistar Recruiting, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the affected site.

Description

Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by MizoZ · textwebappsphp

https://www.exploit-db.com/exploits/34618

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Omnistar Recruiting, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Omnistar Recruiting

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31514

Exploit x_refsource_misc

http://packetstormsecurity.org/0908-exploits/omnistarrecruiting-xss.txt

Scores

EPSS 0.0127

EPSS Percentile 66.0%

Details

CWE

CWE-79

Status published

Products (1)

omnistaretools/omnistar_recruiting

Published Aug 25, 2010

Tracked Since Feb 18, 2026