CVE-2008-5068

Kmita Gallery - Cross-Site Scripting via Begin and Searchtext Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5068. PoCs published by cize0f.

AI-analyzed exploit summary: The exploit demonstrates XSS vulnerabilities in Kmita Gallery by injecting arbitrary JavaScript code via the 'begin' and 'searchtext' parameters. The PoC uses simple script tags to trigger an alert with the user's cookies.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cize0f · text · webapps · php
https://www.exploit-db.com/exploits/32544

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Kmita Gallery (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/49445
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32445
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31970
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/49444

Scores

EPSS 0.0035
EPSS Percentile 57.2%

Details

CWE: CWE-79
Status: published
Products (1): kkeim/kmita_gallery
Published: Nov 13, 2008
Tracked Since: Feb 18, 2026