Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-0496

EPSS 14.82% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-0496

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ignite_Realtime Openfire 'logviewer.jsp'跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Openfire是一款开放源码的实时协同程序。 Ignite Realtime Openfire 3.6.2版本存在多个跨站脚本攻击漏洞。远程攻击者可以借助到(a)logviewer.jsp和(b)log.jsp的(1)log参数;到(c)group-summary.jsp的(2)搜索参数;到(d)user-properties.jsp的(3)用户名参数;到(e)audit-policy.jsp的(4)logDir,(5)maxTotalSize,(6)maxFileSize, (7)maxDays和(8
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-0496

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-0496

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-02-10 · 40 CVEs total

CVE-2009-0501Moodle Calendar Export 信息泄露漏洞
CVE-2008-6108Gwm Galatolo_webmanager 'result.php'跨站脚本攻击漏洞
CVE-2008-6099rportal 'index.php'未明漏洞
CVE-2008-6100Berlios Discussion Forums多个SQL注入漏洞
CVE-2008-6101Ezonescripts Adult Banner Exchange Website 'click.php' SQL注入漏洞
CVE-2008-6102ezonescripts Link Trader Script 'ratelink.php'SQL注入漏洞
CVE-2008-6103a4desk_flash_event_calendar 'index.php'代码注入漏洞
CVE-2008-6104A4Desk Event Calendar 'eventid' Parameter SQL注入漏洞
CVE-2009-0499Moodle 跨站请求伪造漏洞
CVE-2009-0500Moodle Log Table 跨站脚本漏洞
CVE-2008-6107Linux Kernel SPARC 'mremap()' 多个拒绝服务漏洞
CVE-2009-0502Moodle Snoopy 跨站脚本漏洞
CVE-2009-0490Audacity 缓冲区错误漏洞
CVE-2009-0491Elecard MPEG Player M3U文件处理栈溢出漏洞
CVE-2009-0492SimpleIrcBot Authentication 未明安全绕过漏洞
CVE-2009-0493IT!CMS 'login.php' SQL注入漏洞
CVE-2009-0494Joomla! Portfol 'vcatid' SQL注入漏洞
CVE-2009-0495REALTOR 747 'include/define.php'远程文件包含漏洞
CVE-2009-0497Ignite_Realtime Openfire 'log.jsp'目录遍历漏洞
CVE-2009-0498Minitdesign Virtual GuestBook guestbook.mdb权限许可和访问控制漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-0496

No comments yet

Leave a comment