CVE-2008-6325

EPSS 1.5%

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.

Affected products

n/a · n/a

public PoCs found — 7

cve_referencepacketstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txtunverified exploitdbwww.exploit-db.com/exploits/32616unverified exploitdbwww.exploit-db.com/exploits/32617unverified exploitdbwww.exploit-db.com/exploits/32613unverified exploitdbwww.exploit-db.com/exploits/32614unverified exploitdbwww.exploit-db.com/exploits/32615unverified exploitdbwww.exploit-db.com/exploits/32612unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txt http://secunia.com/advisories/32828 https://exchange.xforce.ibmcloud.com/vulnerabilities/47008 http://www.securityfocus.com/bid/32569