CVE-2009-2380

UNRATEDCross-site scripting

Description

Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.

Affected products

4Homepages / 4images1.7 – 1.7
4Homepages / 4images1.7.1 – 1.7.1
4Homepages / 4images1.7.2 – 1.7.2
4Homepages / 4images1.7.3 – 1.7.3
4Homepages / 4images1.7.4 – 1.7.4
4Homepages / 4images1.7.5 – 1.7.5
4Homepages / 4images1.7.6 – 1.7.6
4Homepages / 4images1.7.7 – 1.7.7

References

MISChttp://www.securityfocus.com/bid/35342
MISChttp://www.4homepages.de/forum/index.php?topic=25057.0
MISChttp://www.osvdb.org/55508
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/51470
VENDOR_ADVISORYhttp://secunia.com/advisories/35639