CVE-2008-4751
Published 2008-10-27
Priority: P4 20, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.78% (75.4th percentile)
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| epistream | ipei_guestbook | — | — |
No detection rules found.
Exploit-DB
OTRS 3.1 - Persistent Cross-Site Scripting
exploitdb·2012-10-18
CVE-2012-4751 OTRS 3.1 - Persistent Cross-Site Scripting
---
#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8, 3.1.9 and 3.1.10
Vendor Homepage: http://otrs.org
CVE: 2012-4751
Timeline:
03 Sep 2012: Vulnerability reported + fix to vendor
04 Sep 2012: Vulnerability reported to CERT
05 Sep 2012: Response received from CERT
28 Sep 2012: Update from vendor to have it fixed and released on 16 Oct 2012
16 Oct 2012: Update: vulnerability patched
http://www.kb.cert.org/vuls/id/603276
http://znuny.com/#!/advisory/ZSA-2012-03
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/
17 Oct 2012: Public Disclosure
Installed On: Windows Server 2008 R2 & Open SUSE 12.1
Client Test O
Exploit-DB
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
exploitdb·2012-08-31
CVE-2012-4751 OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
---
#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8 and 3.1.9
Vendor Homepage: http://otrs.org
CVE: 2012-4600
Timeline:
22 Aug 2012: Vulnerability reported to vendor and CERT
23 Aug 2012: Response received from CERT and vendor
28 Aug 2012: Update from vendor to have it fixed and released on 30 Aug 2012
30 Aug 2012: Update: vulnerability patched
http://www.kb.cert.org/vuls/id/511404
http://znuny.com/#!/advisory/ZSA-2012-02
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-02/
31 Aug 2012: Public Disclosure
Installed On: Windows Server 2008 R2 & Open SUSE 12.1
Client Test OS: Window 7
Exploit-DB
iPeGuestbook 1.7/2.0 - 'pg' Cross-Site Scripting
exploitdb·2008-10-24
CVE-2008-4751 iPeGuestbook 1.7/2.0 - 'pg' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31911/info
iPei Guestbook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?pg=c0d3_xss
No writeups or analysis indexed.
http://packetstormsecurity.org/0810-exploits/ipei-xss.txt
http://secunia.com/advisories/32429
http://securityreason.com/securityalert/4510
http://www.securityfocus.com/archive/1/497783/100/0/threaded
http://www.securityfocus.com/bid/31911
http://www.vupen.com/english/advisories/2008/2920
https://exchange.xforce.ibmcloud.com/vulnerabilities/46111
Published: 2008-10-27