CVE-2008-1793

Hoffice Smart Classified Ads - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Smart Classified ADS Professional, Smart Photo ADS, and Smart Photo ADS Gold allow remote attackers to inject arbitrary web script or HTML via the (1) AdNum and (2) Department parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References (3)

[Vendor Advisory] http://secunia.com/advisories/29623

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41611

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28595

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

hoffice/smart_classified_ads

hoffice/smart_photo_ads

hoffice/smart_photo_ads_gold

Timeline

Published Apr 15, 2008

Tracked Since Feb 18, 2026