CVE-2008-1985

DigitalHive 2.0 RC2 - Cross-Site Scripting via mt Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1985. PoCs published by ViRuSMaN, ZoRLu.

AI-analyzed exploit summary This is a writeup describing a remote file upload vulnerability in DigitalHive, allowing attackers to upload a malicious file disguised as an image (e.g., 'php.jpg') via the user profile modification feature. The document also mentions an XSS vulnerability but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by ViRuSMaN · textwebappslinux

https://www.exploit-db.com/exploits/10427

View Code ZIP pw:eip

This is a writeup describing a remote file upload vulnerability in DigitalHive, allowing attackers to upload a malicious file disguised as an image (e.g., 'php.jpg') via the user profile modification feature. The document also mentions an XSS vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: DigitalHive (version unspecified)

Auth required

Prerequisites: User account on the target DigitalHive instance · Access to the profile modification page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31701

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Digital Hive 2.0 RC2, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter to execute arbitrary script code in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Digital Hive 2.0 RC2

No auth needed

Prerequisites: Access to the target application · User interaction to visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28918

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42006

Scores

EPSS 0.0146

EPSS Percentile 70.2%

Details

CWE

CWE-79

Status published

Products (1)

digital_hive/digitalhive 2.0 rc2

Published Apr 27, 2008

Tracked Since Feb 18, 2026