Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softbizscripts | Classifieds Script | - |
Related Weaknesses (CWE)
References
- http://packetstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txtExploit
- http://secunia.com/advisories/32828Vendor Advisory
- http://www.securityfocus.com/bid/32569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47008
- http://packetstorm.linuxsecurity.com/0812-exploits/classifieds-xss.txtExploit
- http://secunia.com/advisories/32828Vendor Advisory
- http://www.securityfocus.com/bid/32569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47008
FAQ
What is CVE-2008-6325?
CVE-2008-6325 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg...
How severe is CVE-2008-6325?
CVE-2008-6325 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6325?
Check the references section above for vendor advisories and patch information. Affected products include: Softbizscripts Classifieds Script.