CVE-2008-0400
published 2008-01-23CVE-2008-0400: Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.45%
70.1th percentile
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modern | modern | — | — |
| singapore | singapore | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
exploitdb·2009-05-26·CVSS 10.0
CVE-2008-3529 [CRITICAL] Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
---
#!/usr/bin/ruby
#
# Quick-n-dirty PoC for APPLE-SA-2009-05-12 ala CVE-2008-3529
# Safari RSS feed:// buffer overflow via libxml2 by KF of Digitalmunition and Netragard
# http://www.digitalmunition.com , http://www.netragard.com
#
# The application PubSubAgent quit unexpectedly.
#
# Process: PubSubAgent [3764]
# Path: /System/Library/Frameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent
# Identifier: PubSubAgent
# Version: ??? (???)
# Code Type: X86 (Native)
# Parent Process: launchd [282]
#
# Date/Time: 2008-10-31 15:31:41.355 -0400
# OS Version: Mac OS X 10.5.5 (9F33)
# Report Version: 6
#
# Exception Type: EXC_BAD_ACCESS (SIGSEGV)
# Exception Codes: KERN_INVALID_ADDRESS at 0x0000000
Exploit-DB
Singapore 0.10.1 Modern Template - 'gallery' Cross-Site Scripting
exploitdb·2008-01-21
CVE-2008-0400 Singapore 0.10.1 Modern Template - 'gallery' Cross-Site Scripting
Singapore 0.10.1 Modern Template - 'gallery' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/27382/info
singapore Modern template is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Modern 1.3.2 and prior versions are reported vulnerable. Reports indicate that Modern 1.3.2 ships with singapore 0.10.1 by default.
http://www.example.com/[singapore_path]/default.php?gallery=">alert(document.cookie);
No writeups or analysis indexed.
http://secunia.com/advisories/28573http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txthttp://www.securityfocus.com/bid/27382http://www.vupen.com/english/advisories/2008/0234http://secunia.com/advisories/28573http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txthttp://www.securityfocus.com/bid/27382http://www.vupen.com/english/advisories/2008/0234
2008-01-23
Published