Vulnerability Description
Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tr Script News | Tr Script News | 2.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/29388Exploit
- http://www.z0rlu.ownspace.org/index.php?/archives/91-TR-News-v2.1-xss.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42648
- http://www.securityfocus.com/bid/29388Exploit
- http://www.z0rlu.ownspace.org/index.php?/archives/91-TR-News-v2.1-xss.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42648
FAQ
What is CVE-2008-2508?
CVE-2008-2508 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in news.php in Tr Script News 2.1 allows remote attackers to inject arbitrary web script or HTML via the "nb" parameter in voir mode.
How severe is CVE-2008-2508?
CVE-2008-2508 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2508?
Check the references section above for vendor advisories and patch information. Affected products include: Tr Script News Tr Script News.