CVE-2008-0848

Crafty Syntax Live Help < 2.4.15 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect.

References (7)

[Vendor Advisory] http://secunia.com/advisories/29201

[Product] http://sourceforge.net/project/shownotes.php?release_id=580994

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/40636

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/488286/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489016/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27859

[Third Party Advisory] http://securityreason.com/securityalert/3688

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

crafty_syntax_live_help/crafty_syntax_live_help < 2.4.15

Timeline

Published Feb 21, 2008

Tracked Since Feb 18, 2026