Vulnerability Details CVE-2008-7036
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.1%
CVSS Severity
CVSS v2 Score 4.3
Products affected by CVE-2008-7036
-
-
cpe:2.3:a:bcoos:bcoos:1.0.10
-
cpe:2.3:a:bcoos:bcoos:1.0.11
-
cpe:2.3:a:bcoos:bcoos:1.0.12
-
cpe:2.3:a:bcoos:bcoos:1.0.13
-
cpe:2.3:a:bcoos:bcoos:1.0.9
-
cpe:2.3:a:bcoos:devtracker:0.20
-
cpe:2.3:a:bcoos:devtracker:3.0
-
cpe:2.3:a:e-xoops:e-xoops:*
-
cpe:2.3:a:e-xoops:e-xoops:1.05