CVE-2008-4372

AvailScript Article Script - Cross-Site Scripting via aIDS Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4372. PoCs published by sl4xUz.

AI-analyzed exploit summary The provided code is a writeup detailing SQL injection and XSS vulnerabilities in Availscript Article Script. It includes PoC URLs but no executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by sl4xUz · textwebappsphp
https://www.exploit-db.com/exploits/6409

The provided code is a writeup detailing SQL injection and XSS vulnerabilities in Availscript Article Script. It includes PoC URLs but no executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Availscript Article Script (version not specified)
No auth needed
Prerequisites: access to the vulnerable articles.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45020
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31095
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6409
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4331
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31816

Scores

EPSS 0.0149
EPSS Percentile 70.7%

Details

CWE
CWE-79
Status published
Products (1)
availscript/availscript_article_script
Published Oct 01, 2008
Tracked Since Feb 18, 2026