CVE-2008-2413

Acgv.free Acgv News - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31802

View Code ZIP pw:eip

References (3)

[Exploit] http://www.z0rlu.ownspace.org/index.php?/archives/84-ACGV-News-v0.9.1-2003-SQL-inj.-XSS.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29253

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42491

Scores

EPSS 0.0026

EPSS Percentile 48.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

acgv.free/acgv_news

Timeline

Published May 22, 2008

Tracked Since Feb 18, 2026