CVE-2008-6094
Celoxis - Stored Cross-Site Scripting via ni.smessage Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6094. PoCs published by teuquooch1seero.
AI-analyzed exploit summary
The provided text describes a cross-site scripting (XSS) vulnerability in Celoxis, where user-supplied input is not properly sanitized. It includes a proof-of-concept URL demonstrating the XSS payload.
Description
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by teuquooch1seero · text · webapps · java
https://www.exploit-db.com/exploits/32448
Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target:
Celoxis (version not specified)
No auth needed
Prerequisites:
Access to a vulnerable Celoxis instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (4)
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064814.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32081
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31514
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45595
Scores
EPSS
0.0050
EPSS Percentile
66.4%
Details
CWE
CWE-79
Status
published
Products (1)
celoxis/celoxis
Published
Feb 09, 2009
Tracked Since
Feb 18, 2026