CVE-2009-3512 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phplemon	Myweight

Configuration 1 [-]

cpe:2.3:a:phplemon:myweight:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.org/0907-exploits/myweight-xss.txt
http://secunia.com/advisories/35919
http://www.osvdb.org/55997
http://www.osvdb.org/55998
http://www.osvdb.org/55999
https://exchange.xforce.ibmcloud.com/vulnerabilities/51861

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01077}`	epss `{'score': 0.01156}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-01T14:00:00

Updated: 2024-08-07T06:31:10.397Z

Reserved: 2009-10-01T00:00:00

Link: CVE-2009-3512

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-10-01T14:30:01.280

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-3512

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "55998", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/55998"}, {"name": "35919", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35919"}, {"name": "55999", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/55999"}, {"name": "55997", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/55997"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt"}, {"name": "myweight-date-xss(51861)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3512", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55998", "refsource": "OSVDB", "url": "http://www.osvdb.org/55998"}, {"name": "35919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35919"}, {"name": "55999", "refsource": "OSVDB", "url": "http://www.osvdb.org/55999"}, {"name": "55997", "refsource": "OSVDB", "url": "http://www.osvdb.org/55997"}, {"name": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt"}, {"name": "myweight-date-xss(51861)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:31:10.397Z"}, "title": "CVE Program Container", "references": [{"name": "55998", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/55998"}, {"name": "35919", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35919"}, {"name": "55999", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/55999"}, {"name": "55997", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/55997"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt"}, {"name": "myweight-date-xss(51861)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3512", "datePublished": "2009-10-01T14:00:00", "dateReserved": "2009-10-01T00:00:00", "dateUpdated": "2024-08-07T06:31:10.397Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phplemon:myweight:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4174C5BB-F3A1-42FB-8A6C-6A2928224F0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyWeight 1.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro date para user_addfood.php, el par\u00e1metro info para (2) user_forgot_pwd_form.php y (3) user_login.php y (4) el par\u00e1metro return para user_login.php."}], "id": "CVE-2009-3512", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-10-01T14:30:01.280", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35919"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/55997"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/55998"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/55999"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/0907-exploits/myweight-xss.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/55997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/55998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/55999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}