CVE-2008-3941

bizdirectory < 2.04 - Cross-Site Scripting via Search Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3941. PoCs published by Am!r.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot BizDirectory 2.04, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Am!r · textwebappsphp
https://www.exploit-db.com/exploits/32312

The provided text describes a cross-site scripting (XSS) vulnerability in IDevSpot BizDirectory 2.04, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter, allowing arbitrary script execution in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: IDevSpot BizDirectory 2.04
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=122039853426550&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30980
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4222

Scores

EPSS 0.0146
EPSS Percentile 70.1%

Details

CWE
CWE-79
Status published
Products (3)
bizdirectory/bizdirectory 1.9
bizdirectory/bizdirectory 2.0
bizdirectory/bizdirectory < 2.04
Published Sep 05, 2008
Tracked Since Feb 18, 2026