Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carboncommunities | Carbon Communities | <= 2.4 |
Related Weaknesses (CWE)
References
- http://bugreport.ir/index.php?/35Exploit
- http://secunia.com/advisories/29827Vendor Advisory
- http://www.securityfocus.com/archive/1/490923/100/0/threaded
- http://www.securityfocus.com/bid/28806Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41846
- https://www.exploit-db.com/exploits/5456
- http://bugreport.ir/index.php?/35Exploit
- http://secunia.com/advisories/29827Vendor Advisory
- http://www.securityfocus.com/archive/1/490923/100/0/threaded
- http://www.securityfocus.com/bid/28806Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41846
- https://www.exploit-db.com/exploits/5456
FAQ
What is CVE-2008-1896?
CVE-2008-1896 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and ...
How severe is CVE-2008-1896?
CVE-2008-1896 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1896?
Check the references section above for vendor advisories and patch information. Affected products include: Carboncommunities Carbon Communities.