CVE-2008-3100

Owl Intranet Knowledgebase <0.95 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Fabian Fingerle · textwebappsphp

https://www.exploit-db.com/exploits/32122

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://secunia.com/advisories/31264

[Exploit, Patch] http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html

[Exploit, Patch] http://www.securityfocus.com/bid/30410

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/494843/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44053

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2209

[Third Party Advisory] http://securityreason.com/securityalert/4057

Scores

EPSS 0.0925

EPSS Percentile 92.6%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

owl/intranet_knowledgebase < 0.95

owl/intranet_knowledgebase

Timeline

Published Jul 29, 2008

Tracked Since Feb 18, 2026