cbcvebase.
CVE-2008-2022
published 2008-04-30

CVE-2008-2022: Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid…

PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.47%
87.6th percentile
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
github.commigueldeicaza_swiftterm>= 0 < 1.2.01.2.0
googlechrome_chrome
msrcremote_desktop_client
msrcwindows_10
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_1909
msrcwindows_10_version_20h2
msrcwindows_10_version_21h1
msrcwindows_10_version_21h2
msrcwindows_11_version_21h2
msrcwindows_7
msrcwindows_8.1
msrcwindows_rt_8.1
msrcwindows_server_2008
msrcwindows_server_2008_for_32-bit_systems_service_pack_2
msrcwindows_server_2008_for_x64-based_systems_service_pack_2
msrcwindows_server_2008_r2
msrcwindows_server_2008_r2_for_x64-based_systems_service_pack_1
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016
msrcwindows_server_2019
msrcwindows_server_2022
msrcwindows_server_2022_23h2_edition

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa7.3HIGH
cisa8.8HIGH
vendor_msrc8.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.