CVE-2008-2202

Maian Uploader 4.0 - Stored Cross-Site Scripting via Multiple Parameters


Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-2202. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Maian Uploader 4.0, where user-supplied input is not properly sanitized. The example demonstrates an XSS payload injected via the 'keywords' parameter in a search command.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Khashayar Fereidani · text, webapps, php
https://www.exploit-db.com/exploits/31741

The provided text describes a cross-site scripting (XSS) vulnerability in Maian Uploader 4.0, where user-supplied input is not properly sanitized. The example demonstrates an XSS payload injected via the 'keywords' parameter in a search command.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Maian Uploader 4.0
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Khashayar Fereidani · text, webapps, php
https://www.exploit-db.com/exploits/31742

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Maian Uploader 4.0 by injecting a malicious script via the 'keywords' parameter in a search query. The PoC uses a simple alert-based payload to confirm the vulnerability.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Maian Uploader 4.0
No auth needed
Prerequisites: Access to the target application's admin interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Khashayar Fereidani · text, webapps, php
https://www.exploit-db.com/exploits/31743

This exploit demonstrates multiple XSS vulnerabilities in Maian Uploader 4.0 by injecting arbitrary JavaScript code via unsanitized parameters in the admin header.php file. The PoC provides specific URLs to trigger the XSS payloads.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Maian Uploader 4.0
No auth needed
Prerequisites: Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491599/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30096
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3882
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42203
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29051

Scores

EPSS: 0.0154
EPSS Percentile: 71.6%

Details

CWE: CWE-79
Status: published
Products (1): maianscriptworld/maian_uploader 4.0
Published: May 14, 2008
Tracked Since: Feb 18, 2026