CVE-2008-4761
Adam Wright HTMLTidy 0.5 - 'html-tidy-logic.php' Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.
Vulnerabilidad de ejecución de comandos en sitios cruzados en includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php en Kayako eSupport v3.20.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro jsMakeSrc. NOTA: el origen de esta información es desconocido. Los detalles han sido obtenidos a partir de terceros. NOTA: esta cuestión es probable que sea del plugin HTMLArea HTMLTidy (HTML Tidy), no de eSupport.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-10-23 First Exploit
- 2008-10-27 CVE Reserved
- 2008-10-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2008/10/27/6 | Mailing List |
|
| http://www.securityfocus.com/bid/31908 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46097 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32527 | 2008-10-23 | |
| http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|