CVE-2008-2980

Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:homeph_design:homeph_design:2.10:rc2:*:*:*:*:*:*

History

21 Nov 2024, 00:48

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/43260 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/43260 -
References () https://www.exploit-db.com/exploits/5903 - () https://www.exploit-db.com/exploits/5903 -

Information

Published : 2008-07-02 17:14

Updated : 2024-11-21 00:48


NVD link : CVE-2008-2980

Mitre link : CVE-2008-2980

CVE.ORG link : CVE-2008-2980


JSON object : View

Products Affected

homeph_design

  • homeph_design
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')