CVE-2008-3483

ScrewTurn Wiki <2.0.29-2.0.30 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3483. PoCs published by Portcullis.

AI-analyzed exploit summary The provided text describes an HTML-injection vulnerability in ScrewTurn Wiki versions 2.0.29 and 2.0.30, where user-supplied input is not properly sanitized, allowing for XSS attacks. The example URI demonstrates how an attacker could inject script code into the application.

Description

Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Portcullis · textwebappsphp
https://www.exploit-db.com/exploits/32126

The provided text describes an HTML-injection vulnerability in ScrewTurn Wiki versions 2.0.29 and 2.0.30, where user-supplied input is not properly sanitized, allowing for XSS attacks. The example URI demonstrates how an attacker could inject script code into the application.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ScrewTurn Wiki 2.0.29, 2.0.30
No auth needed
Prerequisites: Access to a vulnerable ScrewTurn Wiki instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30429
Various Sources x_refsource_misc
http://www.portcullis.co.uk/281.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42858
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31242
Various Sources x_refsource_confirm
http://www.screwturn.eu/Wiki.ashx#History_2

Scores

EPSS 0.0151
EPSS Percentile 71.0%

Details

CWE
CWE-79
Status published
Products (2)
screwturn/screwturn_wiki 2.0.29
screwturn/screwturn_wiki 2.0.30
Published Aug 05, 2008
Tracked Since Feb 18, 2026