CVE-2008-6248

Galatolo Webmanager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/6075

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/31098

[Exploit] http://www.securityfocus.com/bid/30232

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6075

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43781

Scores

EPSS 0.0286

EPSS Percentile 86.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

galatolo/galatolo_webmanager

Timeline

Published Feb 23, 2009

Tracked Since Feb 18, 2026