CVE-2008-1967

Cezanne 6.5.1 and 7 - Cross-Site Scripting via SleUserName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1967. PoCs published by Juan de la Fuente Costa.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cezanne Software by injecting a malicious script into the 'SleUserName' parameter. The PoC uses a simple alert script to confirm the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Juan de la Fuente Costa · textwebappsasp
https://www.exploit-db.com/exploits/31650

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cezanne Software by injecting a malicious script into the 'SleUserName' parameter. The PoC uses a simple alert script to confirm the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Cezanne Software 6.5.1 and 7
Auth required
Prerequisites: Access to a valid account on the target system · Ability to send POST requests to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28774
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490842/100/0/threaded
Various Sources x_refsource_misc
http://www.s21sec.com/avisos/s21sec-41-en.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41813
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3828

Scores

EPSS 0.0151
EPSS Percentile 71.1%

Details

CWE
CWE-79
Status published
Products (2)
cezannesw/cezanne 6.5.1
cezannesw/cezanne 7
Published Apr 27, 2008
Tracked Since Feb 18, 2026