CVE-2008-2987
published 2008-07-02CVE-2008-2987: Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1)…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.54%
71.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| benjacms | benja_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' Cross-Site Scripting
exploitdb·2008-06-23
CVE-2008-2987 Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_topmenu.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29884/info
The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that allows unauthorized access to an administrative script.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to run arbitrary script code in the context of the application, or to access administrative scripts.
These issues affect 'benja CMS 0.1'; other versions may also be affected.
http://www.example.com/[benjacms_path]/admin/admin_edit_topmenu.php/
Exploit-DB
Benja CMS 0.1 - '/admin/admin_edit_submenu.php' Cross-Site Scripting
exploitdb·2008-06-23
CVE-2008-2987 Benja CMS 0.1 - '/admin/admin_edit_submenu.php' Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_edit_submenu.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29884/info
The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that allows unauthorized access to an administrative script.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to run arbitrary script code in the context of the application, or to access administrative scripts.
These issues affect 'benja CMS 0.1'; other versions may also be affected.
http://www.example.com/[benjacms_path]/admin/admin_edit_submenu.php/
Exploit-DB
Benja CMS 0.1 - '/admin/admin_new_submenu.php' Cross-Site Scripting
exploitdb·2008-06-23
CVE-2008-2987 Benja CMS 0.1 - '/admin/admin_new_submenu.php' Cross-Site Scripting
Benja CMS 0.1 - '/admin/admin_new_submenu.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29884/info
The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that allows unauthorized access to an administrative script.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to run arbitrary script code in the context of the application, or to access administrative scripts.
These issues affect 'benja CMS 0.1'; other versions may also be affected.
http://www.example.com/[benjacms_path]/admin/admin_new_submenu.php/
http://secunia.com/advisories/30834http://securityreason.com/securityalert/3958http://www.securityfocus.com/archive/1/493568/100/0/threadedhttp://www.securityfocus.com/bid/29884https://exchange.xforce.ibmcloud.com/vulnerabilities/43284http://secunia.com/advisories/30834http://securityreason.com/securityalert/3958http://www.securityfocus.com/archive/1/493568/100/0/threadedhttp://www.securityfocus.com/bid/29884https://exchange.xforce.ibmcloud.com/vulnerabilities/43284
2008-07-02
Published