CVE-2008-2861
Elinestudio Site Composer < 2.6 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BugReport.IR · textwebappsphp
https://www.exploit-db.com/exploits/5859
References (6)
Scores
EPSS
0.0670
EPSS Percentile
91.1%
Classification
CWE
CWE-79
Status
draft
Affected Products (2)
elinestudio/site_composer
< 2.6
elinestudio/site_composer
Timeline
Published
Jun 25, 2008
Tracked Since
Feb 18, 2026