cbcvebase.
CVE-2008-2024
published 2008-04-30

CVE-2008-2024: Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject…

PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.55%
71.9th percentile
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.

Affected

22 ranges
VendorProductVersion rangeFixed in
minibbminibb<= 2.2
msrcwindows_10
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_21h2
msrcwindows_10_version_22h2
msrcwindows_11_version_21h2
msrcwindows_11_version_22h2
msrcwindows_11_version_23h2
msrcwindows_11_version_24h2
msrcwindows_server_2008
msrcwindows_server_2008_for_32-bit_systems_service_pack_2
msrcwindows_server_2008_for_x64-based_systems_service_pack_2
msrcwindows_server_2008_r2
msrcwindows_server_2008_r2_for_x64-based_systems_service_pack_1
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016
msrcwindows_server_2019
msrcwindows_server_2022
msrcwindows_server_2022_23h2_edition
rubyrexml>= 0 < 3.3.33.3.3

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc8.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.