Vulnerability Details CVE-2008-2644
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/30477
- http://www.securityfocus.com/archive/1/493130/100/0/threaded
- http://www.securityfocus.com/bid/29496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42813
- https://www.exploit-db.com/exploits/5725
- http://secunia.com/advisories/30477
- http://www.securityfocus.com/archive/1/493130/100/0/threaded
- http://www.securityfocus.com/bid/29496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42813
- https://www.exploit-db.com/exploits/5725