Unrated severityNVD Advisory· Published Jan 22, 2009· Updated Apr 23, 2026

CVE-2009-0245

Description

Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

MyNETS 1.2.0.1 and earlier contains a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

MyNETS, an open-source SNS software from Usagi Project, contains a cross-site scripting (XSS) vulnerability. Versions 1.2.0.1 and earlier are affected [1][2]. The vulnerability allows injection of arbitrary web script or HTML via unspecified vectors.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious web page that, when viewed by a user, executes arbitrary script in the user's browser [2]. No authentication is required, but user interaction (viewing the page) is necessary.

Impact

Successful exploitation allows the attacker to execute arbitrary script on the user's web browser, potentially leading to session hijacking, defacement, or redirection to malicious sites [1][2]. The impact is limited to the user's browser session.

Mitigation

The vendor recommends updating to the latest version [2]. No specific fixed version is mentioned in the available references. Users should apply patches or updates as provided by the developer [1].

References

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Usagi/Mynets6 versions
cpe:2.3:a:usagi:mynets:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:usagi:mynets:*:*:*:*:*:*:*:*range: <=1.2.0.1
- cpe:2.3:a:usagi:mynets:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:usagi:mynets:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:usagi:mynets:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:usagi:mynets:1.2.0:*:*:*:*:*:*:*
- (no CPE)range: <=1.2.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

usagi-project.org/PRESS/archives/57nvdPatchVendor Advisory
secunia.com/advisories/33409nvdVendor Advisory
jvn.jp/en/jp/JVN36802959/index.htmlnvd
jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000001.htmlnvd
www.securityfocus.com/bid/33145nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000