VYPR
Unrated severityNVD Advisory· Published Dec 2, 2009· Updated Jun 16, 2026

CVE-2009-4168

CVE-2009-4168

Description

Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

21
  • Roytanck/Wp Cumulus19 versions
    cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:*range: <=1.22
    • cpe:2.3:a:roytanck:wp-cumulus:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.01:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.02:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.04:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.05:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:roytanck:wp-cumulus:1.2.1:*:*:*:*:*:*:*
  • Joomla/Joomulusllm-fuzzy
    Range: <=2.0
  • Range: <1.23

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.