Unrated severityNVD Advisory· Published Apr 24, 2009· Updated Apr 23, 2026

CVE-2009-1408

Description

Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.

Affected products

Webspell/Webspell
cpe:2.3:a:webspell:webspell:4.2.0c:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.webspell.org/index.phpnvdPatchVendor Advisory
www.webspell.org/index.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/34595nvdExploitPatch
secunia.com/advisories/34764nvdVendor Advisory
osvdb.org/53782nvd
www.securityfocus.com/archive/1/502732/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/49937nvd
www.exploit-db.com/exploits/8453nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000