CVE-2008-1037

Packeteer Packetshaper - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.

Exploits (1)

exploitdb WRITEUP VERIFIED

by nnposter · textremotehardware

https://www.exploit-db.com/exploits/31298

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://secunia.com/advisories/29119

[Exploit] http://www.securityfocus.com/bid/27982

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019501

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/488712/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3701

Scores

EPSS 0.0057

EPSS Percentile 68.4%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

packeteer/packetshaper

packeteer/policycenter

Timeline

Published Feb 27, 2008

Tracked Since Feb 18, 2026