CVE-2008-3510

Crafty Syntax Live Help <2.14.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CoRSaNTuRK · textwebappsphp

https://www.exploit-db.com/exploits/32169

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/31340

[Various Sources] http://www.craftysyntax.com/help/viewtopic.php?t=3945

[Exploit] http://www.securityfocus.com/bid/30543

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44228

Scores

EPSS 0.0029

EPSS Percentile 52.1%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

crafty_syntax_live_help/crafty_syntax_live_help

Timeline

Published Aug 07, 2008

Tracked Since Feb 18, 2026