cbcvebase.
CVE-2008-0454
published 2008-01-25

CVE-2008-0454: Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows…

PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
25.20%
97.7th percentile
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."

Affected

5 ranges
VendorProductVersion rangeFixed in
skype_technologiesskype<= 3.6.0.244
skype_technologiesskype
skype_technologiesskype
skype_technologiesskype
skype_technologiesskype
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.