CVE-2008-5891

injader < 2.1.1 - Cross-Site Scripting in Profile Editing Functionality

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5891. PoCs published by anonymous.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Injader versions prior to 2.1.2, including HTML injection and SQL injection. It outlines potential attack vectors but does not include functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by anonymous · textwebappsphp

https://www.exploit-db.com/exploits/32663

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Injader versions prior to 2.1.2, including HTML injection and SQL injection. It outlines potential attack vectors but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Injader < 2.1.2

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32843

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=646897

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33161

Scores

EPSS 0.0026

EPSS Percentile 48.9%

Details

CWE

CWE-79

Status published

Products (5)

injader/injader 1.6.1

injader/injader 2.0.2

injader/injader 2.0.3

injader/injader 2.1.0

injader/injader < 2.1.1

Published Jan 12, 2009

Tracked Since Feb 18, 2026