CVE-2008-1888

Microsoft Windows SharePoint Services 2.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1888. PoCs published by OneIdBeagl3.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Microsoft SharePoint Server 2.0, allowing attackers to inject arbitrary JavaScript code into pages. The PoC requires an authenticated user with edit privileges to inject the payload.

Description

Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.

Exploits (1)

exploitdb WORKING POC VERIFIED
by OneIdBeagl3 · textremotewindows
https://www.exploit-db.com/exploits/31632

This exploit demonstrates an HTML injection vulnerability in Microsoft SharePoint Server 2.0, allowing attackers to inject arbitrary JavaScript code into pages. The PoC requires an authenticated user with edit privileges to inject the payload.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Microsoft SharePoint Server 2.0
Auth required
Prerequisites: Authenticated user account with page edit privileges
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28706
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41934
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490624/100/0/threaded
Various Sources x_refsource_misc
http://www.caughq.org/advisories/CAU-2008-0002.txt

Scores

EPSS 0.2496
EPSS Percentile 96.2%

Details

CWE
CWE-79
Status published
Products (1)
microsoft/sharepoint_server 2.0
Published Apr 18, 2008
Tracked Since Feb 18, 2026