CVE-2008-7036
published 2009-08-24CVE-2008-7036: Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.50%
71.0th percentile
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bcoos | bcoos | <= 1.1.11 | — |
| bcoos | bcoos | — | — |
| bcoos | bcoos | — | — |
| bcoos | bcoos | — | — |
| bcoos | bcoos | — | — |
| bcoos | bcoos | — | — |
| bcoos | devtracker | — | — |
| bcoos | devtracker | — | — |
| e-xoops | e-xoops | <= 1.08 | — |
| e-xoops | e-xoops | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.htmlhttp://osvdb.org/44334http://osvdb.org/44335http://www.securityfocus.com/bid/27619https://exchange.xforce.ibmcloud.com/vulnerabilities/40306http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.htmlhttp://osvdb.org/44334http://osvdb.org/44335http://www.securityfocus.com/bid/27619https://exchange.xforce.ibmcloud.com/vulnerabilities/40306
2009-08-24
Published