{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=907703"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=653720"}, {"name": "33292", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33292"}, {"name": "anguestbook-sign1-xss(48018)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48018"}, {"name": "33490", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33490"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0424", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/forum/forum.php?forum_id=907703", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=907703"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=653720", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=653720"}, {"name": "33292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33292"}, {"name": "anguestbook-sign1-xss(48018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48018"}, {"name": "33490", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33490"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:26.285Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=907703"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=653720"}, {"name": "33292", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33292"}, {"name": "anguestbook-sign1-xss(48018)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48018"}, {"name": "33490", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33490"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0424", "datePublished": "2009-02-05T00:00:00.000Z", "dateReserved": "2009-02-04T00:00:00.000Z", "dateUpdated": "2024-08-07T04:31:26.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:*:*:*:*:*:*:*:*", "matchCriteriaId": "549A87F8-85AB-4118-B2D1-FBA0EF7C99AD", "versionEndIncluding": "0.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "22AB4055-8383-4BAF-9838-DC8D8BCD19A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B44B5986-126D-4902-AD57-9BAA50278E33", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4C9527B-EF66-42A1-AFD0-35C2CFFD14A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "457BA8EF-64AD-477C-A4A8-A1F3961C2339", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0158BE8-54E0-4AB7-8BA4-0E95A2B22C44", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "56A587CA-564F-4CDB-B65B-F1DB3B40EEA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CA1FCA7-E6D2-44F4-AF35-AC6EFB1ACA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "B21E8D94-04BE-4F76-BB55-9F398197F2EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "31423D65-B142-4F18-BAFB-2D097A2D8967", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FE5DFC6-8B2E-44B9-9A0C-27E3BBE5E488", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B468B2A9-464F-4ACF-BB9F-909E4F136245", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5D7B247-8322-4787-BE94-6F55C4937F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "FA474D78-8749-4801-933F-94240CC2CED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AA55F57-50D1-45E7-90DF-947C683C675D", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E094E87-1B17-4AEB-B23D-984818533B24", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E91A8A0F-0B59-44B1-9243-3BE07C453359", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDCC557F-2686-4F2C-AF12-E6EA0B17148B", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D85DF228-FE7B-4108-A71C-F557FF1630C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7A304300-3065-4D10-8E7B-8D9634A8C5E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C1D17E-AB2D-4C27-A17D-8D4761A7E4A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:2.2a:*:*:*:*:*:*:*", "matchCriteriaId": "F6A7A68B-EDD3-4883-9E5F-5B6166F2AED4", "vulnerable": true}, {"criteria": "cpe:2.3:a:an_guestbook:an_guestbook:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "97953D86-46EE-45FD-B41F-330B65BB88FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en AN Guestbook (ANG) antes de v0.7.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el par\u00e1metro country, el cual no se maneja adecuadamente en (1) administrator/manage.php o (2) administrator/trash.php. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "id": "CVE-2009-0424", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-05T00:30:00.420", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33490"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/forum/forum.php?forum_id=907703"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=653720"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33292"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/forum/forum.php?forum_id=907703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=653720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48018"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}