CVE-2008-2861

Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
elinestudiosite_composer
𝑥
≤ 2.6
elinestudiosite_composer
2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30762
http://securityreason.com/securityalert/3957
http://www.securityfocus.com/archive/1/493473/100/0/threaded
http://www.securityfocus.com/bid/29812
https://exchange.xforce.ibmcloud.com/vulnerabilities/43191
https://www.exploit-db.com/exploits/5859
http://secunia.com/advisories/30762
http://securityreason.com/securityalert/3957
http://www.securityfocus.com/archive/1/493473/100/0/threaded
http://www.securityfocus.com/bid/29812
https://exchange.xforce.ibmcloud.com/vulnerabilities/43191
https://www.exploit-db.com/exploits/5859