PT-2009-5821 · Radbids · Radbids Gold

Moudi

Published

2009-10-02

Updated

2017-09-19

CVE-2009-3530

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions RadBids Gold version 4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the mode parameter in the storefront.php file.

Recommendations For RadBids Gold version 4, update the storefront.php file to properly sanitize the mode parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the storefront.php file until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-3530

Affected Products

Radbids Gold

PT-2009-5821 · Radbids · Radbids Gold

CVE-2009-3530

Weakness Enumeration

Related Identifiers

Affected Products

References · 5