CVE-2008-2398
EXPLOITED NUCLEIAppserv < 2.5.10 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/31808
Nuclei Templates (1)
AppServ Open Project <=2.5.10 - Cross-Site Scripting
MEDIUMby unstabl3
References (5)
Scores
EPSS
0.0040
EPSS Percentile
60.3%
Exploitation Intel
VulnCheck KEV
2025-06-07
Classification
CWE
CWE-79
Status
draft
Affected Products (36)
appserv_open_project/appserv
< 2.5.10
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
appserv_open_project/appserv
... and 21 more
Timeline
Published
May 21, 2008
Tracked Since
Feb 18, 2026