CVE-2008-2508

TR Script News - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31855

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/29388

[Exploit] http://www.z0rlu.ownspace.org/index.php?/archives/91-TR-News-v2.1-xss.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42648

Scores

EPSS 0.0026

EPSS Percentile 48.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

tr_script_news/tr_script_news

Timeline

Published May 29, 2008

Tracked Since Feb 18, 2026