cbcvebase.
CVE-2008-7140
published 2009-09-01

CVE-2008-7140: Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the…

PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.48%
70.7th percentile
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: a third party has been reported that the test parameter is not used in @lex Guestbook.

Affected

6 ranges
VendorProductVersion rangeFixed in
alexguestbooklex_guestbook<= 4.0.5
alexguestbooklex_guestbook
alexguestbooklex_guestbook
alexguestbooklex_guestbook
alexguestbooklex_guestbook
alexguestbooklex_guestbook
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.