PT-2009-5666 · Match Agency · Match Agency Biz

Published

2009-09-24

Updated

2017-08-17

CVE-2009-3359

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Match Agency BiZ version 1.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the important parameter to "edit profile.php" and the pid parameter to "report.php".

Recommendations For Match Agency BiZ version 1.0, as a temporary workaround, consider restricting access to the "edit profile.php" and "report.php" scripts until a patch is available. Avoid using the important parameter in "edit profile.php" and the pid parameter in "report.php" until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-3359

Affected Products

Match Agency Biz

PT-2009-5666 · Match Agency · Match Agency Biz

CVE-2009-3359

Weakness Enumeration

Related Identifiers

Affected Products

References · 8