CVE-2008-7098

Qsoft-inc K-rate - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3) the gallery, possibly the Description field in Your Pictures; (4) the forum, possibly the Your Message field when posting a new thread; or (5) the vote parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Corwin · textwebappsphp

https://www.exploit-db.com/exploits/6312

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/48341

[Vendor Advisory] http://secunia.com/advisories/31548

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44672

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44674

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30842

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6312

[Third Party Advisory, VDB Entry] http://osvdb.org/48340

[Third Party Advisory, VDB Entry] http://osvdb.org/48339

Scores

EPSS 0.0803

EPSS Percentile 92.0%

Classification

CWE

CWE-79

Status published

Affected Products (2)

qsoft-inc/k-rate

n/a/n/a

Timeline

Published Aug 27, 2009

Tracked Since Feb 18, 2026