CVE-2008-0398

Aflog < 1.01 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.

Exploits (1)

exploitdb WRITEUP VERIFIED

by shinmai · textwebappsphp

https://www.exploit-db.com/exploits/4958

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/27398

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4958

[Third Party Advisory] http://secunia.com/advisories/28594

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0255

Scores

EPSS 0.0348

EPSS Percentile 87.4%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

aflog/aflog < 1.01

Timeline

Published Jan 23, 2008

Tracked Since Feb 18, 2026