← back
CVE-2008-0877

CVE-2008-0877

EPSS 1.5%
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
Affected products
n/a · n/a
public PoCs found4
exploitdbwww.exploit-db.com/exploits/31236unverifiedexploitdbwww.exploit-db.com/exploits/31235unverifiedexploitdbwww.exploit-db.com/exploits/31238unverifiedexploitdbwww.exploit-db.com/exploits/31237unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/29023http://securityreason.com/securityalert/3683http://www.securityfocus.com/archive/1/488326/100/0/threadedhttp://www.securityfocus.com/bid/27876