Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quickersite | Quickersite | 1.8.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/46221
- http://secunia.com/advisories/30501Vendor Advisory
- http://www.bugreport.ir/39/exploit.htmExploit
- http://www.bugreport.ir/index_39.htmExploit
- http://www.securityfocus.com/bid/29524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42860
- http://osvdb.org/46221
- http://secunia.com/advisories/30501Vendor Advisory
- http://www.bugreport.ir/39/exploit.htmExploit
- http://www.bugreport.ir/index_39.htmExploit
- http://www.securityfocus.com/bid/29524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42860
FAQ
What is CVE-2008-6675?
CVE-2008-6675 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect an...
How severe is CVE-2008-6675?
CVE-2008-6675 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6675?
Check the references section above for vendor advisories and patch information. Affected products include: Quickersite Quickersite.