CVE-2008-4727

Sungard Banner Student - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via the addr1 parameter. NOTE: this might be resultant from a CSRF vulnerability, but there are insufficient details to be sure.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brendan M. Hickey · htmlwebappsjava

https://www.exploit-db.com/exploits/31073

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/41077

[Third Party Advisory, VDB Entry] http://osvdb.org/41078

[Third Party Advisory, VDB Entry] http://downloads.securityfocus.com/vulnerabilities/exploits/27490.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487250/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27490

[Third Party Advisory] http://securityreason.com/securityalert/4494

Scores

EPSS 0.0562

EPSS Percentile 90.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

sungard/banner_student

n/a/n/a

Timeline

Published Oct 24, 2008

Tracked Since Feb 18, 2026