MOABI : Continuous Software Improvement

CVE-2009-5142
Description	Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.
Impact	CVSS v2 : 4.3 MEDIUM
Type	CWE-79
Attack Vector	CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://packetstormsecurity.com/files/127724/WordPress-Gamespeed-Theme-Cross-Site-Scripting.html http://www.osvdb.org/71878 https://code.google.com/p/timthumb/issues/detail?id=49 https://code.google.com/p/timthumb/source/detail?r=65