CVE-2008-5976

PHP JOBWEBSITE PRO - Stored Cross-Site Scripting via Adname Parameter or UserName Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5976. PoCs published by Pouya_Server.

AI-analyzed exploit summary The provided text describes an SQL injection and XSS vulnerability in PHP JOBWEBSITE PRO, with an example XSS payload for the forgot.php endpoint. It lacks executable exploit code but outlines the vulnerability and potential impact.

Description

Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pouya_Server · textwebappsphp
https://www.exploit-db.com/exploits/32625

The provided text describes an SQL injection and XSS vulnerability in PHP JOBWEBSITE PRO, with an example XSS payload for the forgot.php endpoint. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: PHP JOBWEBSITE PRO
No auth needed
Prerequisites: Access to the vulnerable endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30686
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46999
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32570
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46997

Scores

EPSS 0.0150
EPSS Percentile 70.9%

Details

CWE
CWE-79
Status published
Products (1)
preprojects/php_jobwebsite_pro
Published Jan 27, 2009
Tracked Since Feb 18, 2026