CVE-2008-6675

Quickersite - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5733

View on exploitdb

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/46221

[Vendor Advisory] http://secunia.com/advisories/30501

[Exploit] http://www.bugreport.ir/39/exploit.htm

[Exploit] http://www.bugreport.ir/index_39.htm

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42860

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29524

Scores

EPSS 0.0034

EPSS Percentile 56.3%

Classification

CWE

CWE-79

Status published

Affected Products (2)

quickersite/quickersite

n/a/n/a

Timeline

Published Apr 08, 2009

Tracked Since Feb 18, 2026