Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3709

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3709
Last Modified 05 Sep 2008 05:43:43
Published 19 Aug 2008 03:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3709

Summary

Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.

Vulnerable Systems

Application

  • Hotscripts Cyboards Php Lite 1.21


References

XF - cyboardsphplite-options-subscribe-xss(44476)

BID - 30688

VIM - 20080819 CyBoards PHP uncertainties (RFI/path traversal)

MISC - http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt


Last Updated: 27 May 2016 10:48:16