CVE-2008-6127

MoziloCMS <1.10.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.

References (5)

Scores

EPSS 0.0036
EPSS Percentile 57.6%

Classification

CWE
CWE-79
Status published

Affected Products (21)

mozilo/mozilocms
mozilo/mozilocms < 1.10.2
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
mozilo/mozilocms
... and 6 more

Timeline

Published Feb 13, 2009
Tracked Since Feb 18, 2026