CVE-2008-2398
published 2008-05-21

CVE-2008-2398: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML…

Priority P269 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.23% (92.7th percentile)
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.

Affected

36 ranges · showing 25
Vendor | Product | Version range | Fixed in
appserv_open_project | appserv | <= 2.5.10 |

Detection & IOCs (extracted from sources)

url: {{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E
path: /index.php?appservlang=
other: <svg/onload=confirm('xss')>
  • Look for GET requests to /index.php with the 'appservlang' parameter containing HTML/script injection payloads (e.g., <svg/onload=...>, ">). The injected value is reflected directly in the response body.
  • Match HTTP 200 responses with Content-Type: text/html that contain the reflected XSS payload string in the body, specifically the unescaped <svg/onload=confirm('xss')> string.
  • The vulnerability is in AppServ Open Project 2.5.10 and earlier. Fingerprint the target for this version range when triaging alerts.
  • Attackers may use this XSS to steal cookie-based authentication credentials; monitor for anomalous cookie exfiltration following exploitation of this endpoint.
  • The Nuclei probe uses a URL-encoded payload; detection rules must URL-decode the appservlang parameter value before matching to avoid false negatives.
  • The vulnerability affects AppServ 2.5.10 and earlier; versions 2.5.11 and above are not affected and should be excluded from scanning scope.
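
The decode-then-match rule from the notes above, as an added example that is not part of the original page or of any vendor rule set. It assumes a combined-format web access log; the sample lines are constructed, and the repeated decoding goes one step beyond the notes so that double-encoded values are normalised as well.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a language code never needs and that allow markup injection.
MARKUP_RE = re.compile(r'[<>"\']')

# Constructed sample lines, not taken from any real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/May/2008:10:00:00 +0000] "GET /index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E HTTP/1.1" 200 5120',
    '203.0.113.8 - - [21/May/2008:10:00:05 +0000] "GET /index.php?appservlang=th HTTP/1.1" 200 4980',
    '203.0.113.9 - - [21/May/2008:10:00:09 +0000] "GET /index.php?appservlang=%253Cb%253E HTTP/1.1" 200 5001',
    '203.0.113.9 - - [21/May/2008:10:00:12 +0000] "GET /phpinfo.php?appservlang=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded values are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_appservlang(log_line):
    """Return the decoded appservlang value if it carries markup, else None."""
    m = REQUEST_RE.search(log_line)
    if not m or m.group("method") != "GET":
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/index.php"):
        return None
    # parse_qsl performs the first round of URL-decoding on each value.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "appservlang":
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_appservlang(line)
        if value is not None:
            hits.append((number, value))
    return hits
```

A hit only shows that markup was sent; confirming exposure still requires the response-body and version checks listed above.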

CVSS provenance

nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck · 4.3 MEDIUM