CVE-2008-1183

Crafty Syntax Live Help <2.14.6 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.

References (4)

[Vendor Advisory] http://secunia.com/advisories/29201

[Product] http://sourceforge.net/project/shownotes.php?release_id=580994

[Patch] http://www.securityfocus.com/bid/28071

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/40636

Scores

EPSS 0.0029

EPSS Percentile 51.7%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

crafty_syntax_live_help/crafty_syntax_live_help

Timeline

Published Mar 06, 2008

Tracked Since Feb 18, 2026