CVE-2008-4931

Firmchannel Digital Signage - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Brad Antoniewicz · textwebappsphp
https://www.exploit-db.com/exploits/32566

References (4)

Scores

EPSS 0.0217
EPSS Percentile 84.1%

Classification

CWE
CWE-79
Status published

Affected Products (2)

firmchannel/digital_signage
n/a/n/a

Timeline

Published Nov 05, 2008
Tracked Since Feb 18, 2026