CVE-2008-2082

Siteman 2.0.x2 - Cross-Site Scripting via Module Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2082. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Siteman 2.X, including XSS, LFI, and code execution. It provides step-by-step instructions for exploitation but does not include actual exploit code.

Description

Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/5499

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in Siteman 2.X, including XSS, LFI, and code execution. It provides step-by-step instructions for exploitation but does not include actual exploit code.

Classification

Writeup 90%

Attack Type

Xss | Lfi | Rce

Complexity

Moderate

Reliability

Theoretical

Target: Siteman 2.X

Auth required

Prerequisites: Admin credentials for code execution and LFI · Access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/31709

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in Siteman 2.0.x2. It explains the attack vectors but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Siteman 2.0.x2

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28943

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5499

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42020

Exploit x_refsource_misc

http://ircrash.com/english/index.php?topic=29.0

Scores

EPSS 0.0147

EPSS Percentile 70.3%

Details

CWE

CWE-79

Status published

Products (1)

siteman/siteman 2.0

Published May 05, 2008

Tracked Since Feb 18, 2026