CVE-2008-2566
Published 2008-06-06
Priority P4 · 17 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.53% (71.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
Affected
107 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chatelao | php_address_book | <= 7.0 | — |
| chatelao | php_address_book | — | — |
GHSA
GHSA-vjq5-pjhp-xqm9: Cross-site scripting (XSS) vulnerability in preferences
ghsa_unreviewed · 2022-05-17 · CVSS 4.3
CVE-2012-1912 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
GHSA
GHSA-j4wm-6wrv-77w7: Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3
ghsa_unreviewed · 2022-05-01
CVE-2008-2566 [MEDIUM] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
No detection rules found.
Exploit-DB
PHP Address Book 6.2.12 - Multiple Vulnerabilities
exploitdb · 2012-03-10
CVE-2012-2903
---
Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-007
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 6.2.12
Vendor URL: http://sourceforge.net/projects/php-addressbook/
Vendor Status: informed
Vulnerability Description
PHP Address Book 6.2.12 is prone to multiple XSS and SQL-Injection vulnerabilities
PoC-Exploit
// (Blind) SQL-Injection
http://[target]/addressbook/edit.php?id=[sql-injection]
http://[target]/addressbook/group.php?add=Add to&group=1&selected%5b%5d=132&to_group=[sql-injection]
http://[target]/addressbook/vcard.php?id=[sql-injection]
// XSS
http://[target]/addressbook/preferences.php?from='"alert(document.cookie)
http://[target]/addressboo
Exploit-DB
PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
exploitdb · 2008-06-04
CVE-2013-1748
---
PHP-Address Book (SQL/XSS) Multiple Remote Vulnerabilities
AUTHOR : CWH Underground
DATE : 4 June 2008
SITE : www.citec.us
APPLICATION : PHP-Address Book
VERSION :
http://[target]/[path]/index.php?group=
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
http://secunia.com/advisories/30540
https://exchange.xforce.ibmcloud.com/vulnerabilities/42856
https://exchange.xforce.ibmcloud.com/vulnerabilities/99624
https://www.exploit-db.com/exploits/5739