CVE-2008-1174

AuthentiX 6.3b1 Trial - Cross-Site Scripting via editUser.asp Username Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1174. PoCs published by William Hicks.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Flicks Software AuthentiX, where user-supplied input is not properly sanitized. The example demonstrates a URL-based XSS attack using a META refresh tag to redirect users to a malicious site.

Description

Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by William Hicks · text · webapps · asp
https://www.exploit-db.com/exploits/31314

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: AuthentiX 6.3b1 Trial Version
No auth needed
Prerequisites: Access to the vulnerable URL parameter
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=120410229721185&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019520
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28040
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29142

Scores

EPSS: 0.0056
EPSS Percentile: 68.6%

Details

CWE: CWE-79
Status: published
Products (1): flicks_software/authentix 6.3b1
Published: Mar 06, 2008
Tracked Since: Feb 18, 2026