FKIE_CVE-2009-5113
Vulnerability from fkie_nvd - Published: 2012-03-19 18:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iwork:webglimpse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "046CE244-A34A-44AC-9C40-70FE678DF54A",
"versionEndIncluding": "2.18.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "05F90A43-1781-48BE-A522-8337743FC093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E76C23-BE73-4B01-9012-E13163E4250F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EEE2D3-63A9-4928-A95E-2E52370B054B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5B3472-976F-4F82-B395-475373EAEECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.0.07:*:*:*:*:*:*:*",
"matchCriteriaId": "BD36F268-1AA9-4444-9DFF-3D15E29EA88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90A5D070-D29B-4177-83C3-8BE2B66A70C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "C08C7A97-3DAB-42A9-B17D-6DCCC1DB7F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C829927F-2732-4E4F-85B1-5B66A671B830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD0F5EA-66DB-4057-B015-A438F4AF24CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6ACEF59-4C71-40DB-B16F-87839CB7C8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20561CE4-FD8A-499E-96BA-9323F9E1F5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "599032E3-4950-4047-B487-86A7AA7ED12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C303D6-ED72-40AF-B807-039201DA063F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F627DFC9-69A3-44EC-ABE0-7E7B28CCF827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F81397-885F-4CD3-AF88-E91CCC468923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA287B49-3FF1-4FEC-A2F5-1E721E038AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ABA152-194C-4B90-9D02-EDB3CCC22250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E26B0733-9ECF-48D7-9200-953C400A6CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C89B4D0D-55ED-4E33-A872-CEDBDA448ECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC6C2F2B-8C88-46F5-A172-BEDDFF8E7B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6017C5F4-F90D-4C82-B67E-2578F71AF11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "90FE1431-97FE-41B8-82C1-3DD449CFBE71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0717B00-C126-4CA9-BF34-E46D94E85C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE9F485-45C4-450A-9BD1-248194AF47ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E52B9C0-2437-47C3-A477-78CFF966FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3F355E-2DF0-4C75-8038-1AF8645AA2A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6B456C-52E2-4242-BE96-48021CAD858C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61458A4E-5E5C-4B73-B7C7-BFF8EB7480DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5407BE1A-5AD5-47C9-A9AB-990356BC281F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "943E6F6A-5BDD-427C-AB51-AB3A827EC30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B02704B-0B2F-45E1-B40D-70B1C4E240D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B227D3EB-E34C-4D40-B66B-F28CD5A19336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E719FA6-DEF2-4DC5-A991-C678FF106453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10B34DFF-3CEB-427B-8343-4EA6331387EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70FC4B2C-D4B6-4B79-AFF2-FEACE38A239E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F3F98B-C84B-4D73-836E-97E750A5B04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "38C34290-1ED9-4170-ABD8-B93263C6C7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D6455860-4AB6-4050-9CAF-BC893362BC3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E72536FD-69C3-4959-A90C-AE22F8B3765E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A159EB-AF17-4055-B8F5-18F94F598DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85AEBCBE-66DF-40F0-B401-136BC7549ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88D6E261-3E05-437B-A868-FBCD4AF26627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F79CDC-8B6A-4688-9070-3674586E6F05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAAAE71-A5D4-4298-AF95-3CA22E458B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE83AB29-4533-457C-A965-4C73D26BB7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A2995281-FF11-447E-A46A-5D35122385E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iwork:webglimpse:2.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2D9280-4226-4AC4-9651-5CC3B839AF5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wgarcmin.cgi de WebGlimpse 2.18.7 y anteriores. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro DOC."
}
],
"id": "CVE-2009-5113",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-19T18:55:02.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/2628/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://websecurity.com.ua/2628/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74184"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…