CVE-2008-3569

XAMPP 1.6.7 - Cross-Site Scripting via text Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3569. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in XAMPP for Linux by injecting a malicious script via the 'text' parameter in the ming.php file. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Khashayar Fereidani · textremotelinux
https://www.exploit-db.com/exploits/32165

This exploit demonstrates a cross-site scripting (XSS) vulnerability in XAMPP for Linux by injecting a malicious script via the 'text' parameter in the ming.php file. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: XAMPP 1.6.7 for Linux
No auth needed
Prerequisites: Access to the vulnerable XAMPP instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Khashayar Fereidani · textremotelinux
https://www.exploit-db.com/exploits/32166

This exploit demonstrates a cross-site scripting (XSS) vulnerability in XAMPP for Linux by injecting arbitrary JavaScript code via the 'text' parameter in the iart.php file. The vulnerability arises due to insufficient input sanitization.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: XAMPP 1.6.7 for Linux
No auth needed
Prerequisites: Access to the vulnerable XAMPP instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44214
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30535
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4127
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495096/100/0/threaded

Scores

EPSS 0.0304
EPSS Percentile 85.8%

Details

CWE
CWE-79
Status published
Products (1)
apache_friends/xampp 1.6.7
Published Aug 10, 2008
Tracked Since Feb 18, 2026