CVE-2008-6982
Published 2009-08-19
Priority: P4 · 22 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.73% (92.1th percentile)
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devalcms | devalcms | — | — |
No detection rules found.
Exploit-DB
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
exploitdb·2008-09-05
CVE-2008-6983 Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
---
#!/usr/bin/python
#####################################################################################
#### devalcms v1.4a Remote Code Execution Exploit / Xss ####
#####################################################################################
# #
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr)) #
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr)) #
#Our Site : Http://IRCRASH.COM #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) #
#####################################################################################
# #
#Download : http://www.sourceforge.net/projects/devalcms #
# #
#DORK : "powered by devalcms v1.4.a" #
# #
################################################################################
Nuclei
Devalcms 1.4a - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2008-6982 [MEDIUM] Devalcms 1.4a - Cross-Site Scripting
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
Template:
id: CVE-2008-6982
info:
  name: Devalcms 1.4a - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/6369
    - http://sourceforge.net/projects/devalc
http://osvdb.org/47971
http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
http://www.securityfocus.com/bid/31037
https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
https://www.exploit-db.com/exploits/6369
Published: 2009-08-19