{"id":"CVE-2009-2937","details":"Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.","modified":"2024-06-04T04:00:19Z","published":"2009-09-18T10:30:01Z","withdrawn":"2024-06-30T15:58:27.224645Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/36636"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36766"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/36392"},{"type":"FIX","url":"http://intertwingly.net/blog/2009/09/09/Venus-Updates"},{"type":"FIX","url":"http://lists.planetplanet.org/archives/devel/2009-September/001999.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=522802"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546178"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546179"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00504.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00525.html"}],"affected":[{"package":{"name":"planet-venus","ecosystem":"Debian:10","purl":"pkg:deb/debian/planet-venus?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0~bzr116-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-2937.json"}}],"schema_version":"1.7.3"}