CVE-2008-2202 – Maian Uploader 4.0 - 'header.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2202

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente mediante el parámetro (1) keywords de upload/admin/index.php en una acción search, los parámetros (2) msg_charset y (3) msg_header9 de admin/inc/header.php, y el parámetro (4) keywords de index.php en una acción search. • https://www.exploit-db.com/exploits/31743 https://www.exploit-db.com/exploits/31741 https://www.exploit-db.com/exploits/31742 http://secunia.com/advisories/30096 http://securityreason.com/securityalert/3882 http://www.securityfocus.com/archive/1/491599/100/0/threaded http://www.securityfocus.com/bid/29051 https://exchange.xforce.ibmcloud.com/vulnerabilities/42203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •