CVE-2008-0208
published 2008-01-10CVE-2008-0208: Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.10%
61.6th percentile
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snitz_communications | snitz_forums_2000 | <= 3.4.05 | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
| snitz_communications | snitz_forums_2000 | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pggx-gv99-973v: Cross-site scripting (XSS) vulnerability in login
ghsa_unreviewed·2022-05-01
CVE-2008-0208 [MEDIUM] CWE-79 GHSA-pggx-gv99-973v: Cross-site scripting (XSS) vulnerability in login
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.
Red Hat
php: XSS via PHP error messages
vendor_redhat·2008-12-19·CVSS 2.6
CVE-2008-5814 [LOW] CWE-79 php: XSS via PHP error messages
php: XSS via PHP error messages
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
No detection rules found.
No public exploits indexed.
http://hackerscenter.com/archive/view.asp?id=28145http://secunia.com/advisories/28284http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txthttp://www.securityfocus.com/archive/1/485836/100/200/threadedhttp://www.securityfocus.com/bid/27162http://hackerscenter.com/archive/view.asp?id=28145http://secunia.com/advisories/28284http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txthttp://www.securityfocus.com/archive/1/485836/100/200/threadedhttp://www.securityfocus.com/bid/27162
2008-01-10
Published