CVE-2008-0092

Phpwebsite - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/1217

View Code ZIP pw:eip

References (6)

[Various Sources] http://phpwebsite.appstate.edu/blog/2143

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485704/100/0/threaded

[Exploit] http://www.securityfocus.com/bid/27090

[Third Party Advisory] http://secunia.com/advisories/28303

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39391

[Third Party Advisory] http://securityreason.com/securityalert/3511

Scores

EPSS 0.0467

EPSS Percentile 89.4%

Details

CWE

CWE-79

Status published

Products (1)

phpwebsite/phpwebsite 1.4.0

Published Jan 04, 2008

Tracked Since Feb 18, 2026