CVE-2008-0125
published 2008-03-24CVE-2008-0125: Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.47%
70.4th percentile
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpstats | phpstats | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat5.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f826-phph-9gxw: Cross-site scripting (XSS) vulnerability in phpstats
ghsa_unreviewed·2022-05-01
CVE-2008-0125 [MEDIUM] CWE-79 GHSA-f826-phph-9gxw: Cross-site scripting (XSS) vulnerability in phpstats
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.
Red Hat
libnasl: OpenSSL incorrect checks for malformed signatures
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0125 [MEDIUM] libnasl: OpenSSL incorrect checks for malformed signatures
libnasl: OpenSSL incorrect checks for malformed signatures
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/3765http://www.securityfocus.com/archive/1/489722/100/0/threadedhttp://www.securityfocus.com/bid/28291https://exchange.xforce.ibmcloud.com/vulnerabilities/41261http://securityreason.com/securityalert/3765http://www.securityfocus.com/archive/1/489722/100/0/threadedhttp://www.securityfocus.com/bid/28291https://exchange.xforce.ibmcloud.com/vulnerabilities/41261
2008-03-24
Published