CVE-2009-4168

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/", "name": "http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/3322", "name": "ADV-2009-3322", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/37100", "name": "37100", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://websecurity.com.ua/3665/", "name": "http://websecurity.com.ua/3665/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/37483", "name": "37483", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://websecurity.com.ua/3801/", "name": "http://websecurity.com.ua/3801/", "tags": [], "refsource": "MISC"}, {"url": "http://websecurity.com.ua/3789/", "name": "http://websecurity.com.ua/3789/", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/37479", "name": "37479", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/38161", "name": "38161", "tags": [], "refsource": "SECUNIA"}, {"url": "http://websecurity.com.ua/3839/", "name": "http://websecurity.com.ua/3839/", "tags": [], "refsource": "MISC"}, {"url": "http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt", "name": "http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55156", "name": "joomulus-tagcloud-xss(55156)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54397", "name": "wpcumulus-tagcloud-xss(54397)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/508833/100/0/threaded", "name": "20100108 Cross-Site Scripting vulnerability in JVClouds3D for Joomla", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/508606/100/0/threaded", "name": "20091225 Vulnerability in Joomulus for Joomla", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/508071/100/0/threaded", "name": "20091124 Vulnerabilities in WP-Cumulus for WordPress", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4168", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-12-02T18:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.22"}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roytanck:wp-cumulus:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T19:48Z"}