CVE-2008-7134

RedGalaxy Download Center 1.2 - Cross-Site Scripting via Multiple URI Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-7134. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Download Center 1.2 by injecting a script tag into the 'message' parameter, which executes arbitrary JavaScript in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31389

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Download Center 1.2 by injecting a script tag into the 'message' parameter, which executes arbitrary JavaScript in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Download Center 1.2
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31391

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Download Center 1.2 by injecting a script tag into the search parameter, which executes arbitrary JavaScript in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Download Center 1.2
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/31390

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Download Center 1.2 by injecting a script tag into the 'category' parameter. The PoC triggers an alert box, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Download Center 1.2
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28219
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41198
Patch x_refsource_confirm
http://download.redgalaxy.net/?nav=home

Scores

EPSS 0.0152
EPSS Percentile 71.3%

Details

CWE
CWE-79
Status published
Products (1)
redgalaxy/download_center 1.2
Published Sep 01, 2009
Tracked Since Feb 18, 2026