CVE-2008-2756

Xigla Absolute Control Panel XE - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information.

References (6)

[Exploit] http://bugreport.ir/index.php?/41

[Exploit] http://marc.info/?l=bugtraq&m=121322052622903&w=2

[Vendor Advisory] http://secunia.com/advisories/30609

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29672

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43048

[Third Party Advisory] http://securityreason.com/securityalert/3950

Scores

EPSS 0.0052

EPSS Percentile 66.3%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

xigla/absolute_control_panel_xe

Timeline

Published Jun 18, 2008

Tracked Since Feb 18, 2026