CVE-2008-2202

Maianscriptworld Maian Uploader - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/31742

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/31743

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Khashayar Fereidani · textwebappsphp

https://www.exploit-db.com/exploits/31741

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://secunia.com/advisories/30096

[Exploit] http://www.securityfocus.com/bid/29051

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42203

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/491599/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3882

Scores

EPSS 0.0039

EPSS Percentile 59.9%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

maianscriptworld/maian_uploader

Timeline

Published May 14, 2008

Tracked Since Feb 18, 2026