CVE-2008-3180
Published 2008-07-15
Priority: P419, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.57% (72.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cwh_underground | contentnow_cms | — | — |
CVSS provenance
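| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_cisco | | 10.0 | CRITICAL | |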
GHSA
GHSA-gmpc-xgf5-4prf: Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu
ghsa_unreviewed · 2022-05-01
CVE-2008-3180 [MEDIUM] CWE-79 GHSA-gmpc-xgf5-4prf: Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu
Cisco
Default Passwords in the Application Velocity System
vendor_cisco · 2008-01-23 · CVSS 10.0
CVE-2008-0029 [CRITICAL] CWE-264 Default Passwords in the Application Velocity System
Versions of the Cisco Application Velocity System (AVS) prior to software version AVS 5.1.0 do not prompt users to modify system account passwords during the initial configuration process. Because there is no requirement to change these credentials during the initial configuration process, an attacker may be able to leverage the accounts that have default credentials, some of which have root privileges, to take full administrative control of the AVS system.
After upgrading to software version AVS 5.1.0, users will be prompted to modify these credentials.
Cisco will make free upgrade software available to address this vulnerability for affected customers. The software upgrade will be applicable only for the AVS 3120, 3180, and 3180A sy
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/30888
http://securityreason.com/securityalert/3990
http://www.securityfocus.com/bid/30102
https://exchange.xforce.ibmcloud.com/vulnerabilities/43610
https://www.exploit-db.com/exploits/6011