VYPR
Unrated severity · NVD Advisory · Published May 7, 2009 · Updated Apr 23, 2026

CVE-2009-1583

Description

Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

TemaTres 1.0.3 and 1.031 are vulnerable to multiple XSS attacks via various parameters, allowing remote script injection.

Vulnerability

TemaTres versions 1.0.3 and 1.031 are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws exist in the search form, in the _expresion_de_busqueda, letra, estado_id, and tema parameters to index.php, in the PATH_INFO to index.php, in unspecified parameters when editing a term (via edit_id and tema), and in the y, ord, and m parameters to sobre.php. [1]

Exploitation

An attacker can exploit these vulnerabilities by crafting a malicious URL containing injected JavaScript in any of the aforementioned parameters. No authentication or special network position is required; simply enticing a victim to click the link is sufficient. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary web script or HTML in the victim's browser session, potentially leading to data theft, session hijacking, or defacement of the application within the context of the affected site. [1]

Mitigation

No official patch or fixed version has been disclosed in the available references. Users should implement strict input validation and output encoding, consider disabling the vulnerable functionality, or upgrade to a later version if one becomes available. [1]

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

7
