CVE-2008-1896

Carbon Communities <2.4 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/5456

References (6)

Scores

EPSS 0.0670
EPSS Percentile 91.1%

Classification

CWE
CWE-79
Status draft

Affected Products (6)

carboncommunities/carbon_communities < 2.4
carboncommunities/carbon_communities
carboncommunities/carbon_communities
carboncommunities/carbon_communities
carboncommunities/carbon_communities
carboncommunities/carbon_communities

Timeline

Published Apr 18, 2008
Tracked Since Feb 18, 2026