CVE-2008-7036

E-xoops < 1.08 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/31112

View Code ZIP pw:eip

References (5)

[Exploit] http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html

[Exploit] http://osvdb.org/44334

[Exploit] http://osvdb.org/44335

[Exploit] http://www.securityfocus.com/bid/27619

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/40306

Scores

EPSS 0.0026

EPSS Percentile 48.8%

Classification

CWE

CWE-79

Status published

Affected Products (14)

e-xoops/e-xoops < 1.08

e-xoops/e-xoops

e-xoops/e-xoops

e-xoops/e-xoops

e-xoops/e-xoops

bcoos/devtracker

bcoos/devtracker

bcoos/bcoos < 1.1.11

bcoos/bcoos

bcoos/bcoos

bcoos/bcoos

bcoos/bcoos

bcoos/bcoos

n/a/n/a

Timeline

Published Aug 24, 2009

Tracked Since Feb 18, 2026