CVE-2008-1413

SNewsCMS Rus <2.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by medprostuda.ru · textwebappsphp

https://www.exploit-db.com/exploits/31406

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/28262

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41243

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489686/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3757

Scores

EPSS 0.0182

EPSS Percentile 82.7%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

snews/snews_cms_rus

Timeline

Published Mar 20, 2008

Tracked Since Feb 18, 2026