CVE-2009-3227: XSS
First published: Wed Sep 16 2009(Updated: )
Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Almondsoft Affiliate Network Classifieds | ||
| Almondsoft Affiliate Network Classifieds |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3227?
CVE-2009-3227 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2009-3227?
To fix CVE-2009-3227, ensure input validation and sanitization on the city parameter in the search action.
What types of attacks can be performed due to CVE-2009-3227?
CVE-2009-3227 allows remote attackers to conduct cross-site scripting (XSS) attacks, injecting arbitrary web scripts or HTML into the application.
Which software is affected by CVE-2009-3227?
CVE-2009-3227 affects AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds.
Is CVE-2009-3227 easy to exploit?
Exploiting CVE-2009-3227 can be relatively easy for attackers familiar with XSS techniques, as it relies on inadequate input handling.
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/almondsoft
- canonical/almondsoft affiliate network classifieds