{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T16:36:00.237","vulnerabilities":[{"cve":{"id":"CVE-2009-1454","sourceIdentifier":"cve@mitre.org","published":"2009-04-28T16:30:03.547","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action."},{"lang":"es","value":"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tasks.php en WebCollab anterior a v2.50 (alias Billy Goat) permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de selección de parámetros en una tarea de acción."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:andrew_simpson:webcollab:*:*:*:*:*:*:*:*","versionEndIncluding":"2.40","matchCriteriaId":"D1B6A332-16AE-4941-B3BF-F46BE31E1632"},{"vulnerable":true,"criteria":"cpe:2.3:a:andrew_simpson:webcollab:2.20:*:*:*:*:*:*:*","matchCriteriaId":"35368D38-7D8C-4338-A54E-9EEA5257C87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:andrew_simpson:webcollab:2.30:*:*:*:*:*:*:*","matchCriteriaId":"9840E707-2DCC-4585-A74D-CAC8A93D1738"},{"vulnerable":true,"criteria":"cpe:2.3:a:andrew_simpson:webcollab:2.31:*:*:*:*:*:*:*","matchCriteriaId":"817D79BC-7532-4797-85C9-79D5BC27BA8E"}]}]}],"references":[{"url":"http://holisticinfosec.org/content/view/108/45/","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://secunia.com/advisories/34568","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.osvdb.org/53780","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/34576","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49939","source":"cve@mitre.org"},{"url":"http://holisticinfosec.org/content/view/108/45/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://secunia.com/advisories/34568","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.osvdb.org/53780","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/34576","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49939","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}