CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-7213

Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.4%

CVSS Severity

CVSS v2 Score 4.3

References

http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
http://forum.mambo-foundation.org/showthread.php?t=10158
http://osvdb.org/42530
http://secunia.com/advisories/28670
http://www.bugreport.ir/index_33.htm
http://www.securityfocus.com/archive/1/487128/100/200/threaded
http://www.securityfocus.com/bid/27470
http://www.vupen.com/english/advisories/2008/0325
https://exchange.xforce.ibmcloud.com/vulnerabilities/39984
http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
http://forum.mambo-foundation.org/showthread.php?t=10158
http://osvdb.org/42530
http://secunia.com/advisories/28670
http://www.bugreport.ir/index_33.htm
http://www.securityfocus.com/archive/1/487128/100/200/threaded
http://www.securityfocus.com/bid/27470
http://www.vupen.com/english/advisories/2008/0325
https://exchange.xforce.ibmcloud.com/vulnerabilities/39984

Products affected by CVE-2008-7213

Brilaps » Mostlyce » Version: Any

cpe:2.3:a:brilaps:mostlyce:*
Mambo-Foundation » Mambo » Version: Any

cpe:2.3:a:mambo-foundation:mambo:*
Mambo-Foundation » Mambo » Version: 4.6.2

cpe:2.3:a:mambo-foundation:mambo:4.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-7213

Products

Pricing

Contact Us