{"api_version":"1","generated_at":"2026-04-26T00:54:32+00:00","cve":"CVE-2009-4266","urls":{"html":"https://cve.report/CVE-2009-4266","api":"https://cve.report/api/cve/CVE-2009-4266.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-4266","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-4266"},"summary":{"title":"CVE-2009-4266","description":"Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-12-10 16:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54582","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54582","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34366","name":"http://secunia.com/advisories/34366","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advanced Image Hosting Cross-Site Scripting and SQL Injection Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/10336","name":"http://www.exploit-db.com/exploits/10336","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Advanced Image Hosting v2.2 XSS","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-4266","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-4266","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"4266","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yabsoft","cpe5":"advanced_image_hosting_script","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"4266","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yabsoft","cpe5":"advanced_image_hosting_script","cpe6":"2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T06:54:10.263Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"10336","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/10336"},{"name":"advancedimage-search-xss(54582)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54582"},{"name":"34366","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34366"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-12-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"10336","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/10336"},{"name":"advancedimage-search-xss(54582)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54582"},{"name":"34366","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34366"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-4266","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"10336","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/10336"},{"name":"advancedimage-search-xss(54582)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54582"},{"name":"34366","refsource":"SECUNIA","url":"http://secunia.com/advisories/34366"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-4266","datePublished":"2009-12-10T16:00:00.000Z","dateReserved":"2009-12-10T00:00:00.000Z","dateUpdated":"2024-08-07T06:54:10.263Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-12-10 16:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yabsoft:advanced_image_hosting_script:2.2:*:*:*:*:*:*:*","matchCriteriaId":"4C372789-28E6-454A-AA8A-214BC42676B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:yabsoft:advanced_image_hosting_script:2.3:*:*:*:*:*:*:*","matchCriteriaId":"78C38AA7-43A4-453B-A1A9-E31F4B26159C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"4266","Ordinal":"1","Title":"CVE-2009-4266","CVE":"CVE-2009-4266","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"4266","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.","Type":"Description","Title":"CVE-2009-4266"},{"CveYear":"2009","CveId":"4266","Ordinal":"2","NoteData":"2009-12-10","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"4266","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}