CVE-2009-4168
Severity CVSS v4.0: Pending analysis
Type: CWE-79 Cross-Site Scripting (XSS)
Publication date: 02/12/2009
Last modified: 09/04/2025
Description
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action.
Impact
Base Score 2.0: 4.30
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:* | | 1.22 (including) |
| cpe:2.3:a:roytanck:wp-cumulus:1.00:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.01:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.02:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.2.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.03:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.04:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.05:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.11:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.12:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.13:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.14:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.15:*:*:*:*:*:*:* | | |
| cpe:2.3:a:roytanck:wp-cumulus:1.16:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt
- http://secunia.com/advisories/37483
- http://secunia.com/advisories/38161
- http://websecurity.com.ua/3665/
- http://websecurity.com.ua/3789/
- http://websecurity.com.ua/3801/
- http://websecurity.com.ua/3839/
- http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/
- http://www.securityfocus.com/archive/1/508071/100/0/threaded
- http://www.securityfocus.com/archive/1/508606/100/0/threaded
- http://www.securityfocus.com/archive/1/508833/100/0/threaded
- http://www.securityfocus.com/bid/37100
- http://www.securityfocus.com/bid/37479
- http://www.vupen.com/english/advisories/2009/3322
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54397
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55156



