Description
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Brad Antoniewicz · textwebappsphp
https://www.exploit-db.com/exploits/32566
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32549
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498042/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4566
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/49564
Scores
EPSS
0.0217
EPSS Percentile
84.4%
Details
CWE
CWE-79
Status
published
Products (1)
firmchannel/digital_signage
3.24
Published
Nov 05, 2008
Tracked Since
Feb 18, 2026