CVE-2009-1583 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
R020	Tematres

Configuration 1 [-]

OR	cpe:2.3:a:r020:tematres:1.0.3:::::::*
	cpe:2.3:a:r020:tematres:1.031:::::::*

No data.

References

Link	Providers
http://osvdb.org/54247
http://secunia.com/advisories/34983
http://secunia.com/advisories/34990
http://www.securityfocus.com/archive/1/503252/100/0/threaded
http://www.securityfocus.com/bid/34830
https://exchange.xforce.ibmcloud.com/vulnerabilities/50343
https://www.exploit-db.com/exploits/8615

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-07T23:00:00

Updated: 2024-08-07T05:20:33.708Z

Reserved: 2009-05-07T00:00:00

Link: CVE-2009-1583

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-05-07T23:30:00.297

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1583

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8615", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8615"}, {"name": "54247", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54247"}, {"name": "34830", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34830"}, {"name": "34990", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34990"}, {"name": "tematres-term-xss(50343)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343"}, {"name": "20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded"}, {"name": "34983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1583", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8615", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8615"}, {"name": "54247", "refsource": "OSVDB", "url": "http://osvdb.org/54247"}, {"name": "34830", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34830"}, {"name": "34990", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34990"}, {"name": "tematres-term-xss(50343)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343"}, {"name": "20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded"}, {"name": "34983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34983"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:20:33.708Z"}, "title": "CVE Program Container", "references": [{"name": "8615", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8615"}, {"name": "54247", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/54247"}, {"name": "34830", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34830"}, {"name": "34990", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34990"}, {"name": "tematres-term-xss(50343)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343"}, {"name": "20090505 MULTIPLE REMOTE VULNERABILITIES--TemaTres 1.0.3-->", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded"}, {"name": "34983", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34983"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1583", "datePublished": "2009-05-07T23:00:00", "dateReserved": "2009-05-07T00:00:00", "dateUpdated": "2024-08-07T05:20:33.708Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:r020:tematres:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "82636BD4-87EE-4E09-ADA0-72EB0F6383C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:r020:tematres:1.031:*:*:*:*:*:*:*", "matchCriteriaId": "2823931E-7528-415E-85AD-A49544446EB4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en TemaTres versiones 1.0.3 y 1.031, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) formulario de b\u00fasqueda; (2) _expresion_de_busqueda, (3) letra, (4) estado_id y (5) tema en el archivo index.php; el (6) PATH_INFO en el archivo index.php; (7) par\u00e1metros no especificados en la edici\u00f3n de un t\u00e9rmino seg\u00fan lo especificado por los par\u00e1metros edit_id y tema en el archivo index.php; y los par\u00e1metros (7) y, (8) ord, y (9) m en el archivo sobre.php."}], "id": "CVE-2009-1583", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-05-07T23:30:00.297", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/54247"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34983"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34990"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34830"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/54247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/503252/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8615"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}