CVE-2008-1985

DigitalHive 2.0 RC2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by ViRuSMaN · textwebappslinux

https://www.exploit-db.com/exploits/10427

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31701

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/28918

[Exploit] http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42006

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

digital_hive/digitalhive

Timeline

Published Apr 27, 2008

Tracked Since Feb 18, 2026