CVE-2008-2210

CVE

Medium

Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via …

CVSS

4.3

Medium

EPSS

0.01

p60

Published

2008-01-01

Updated

2008-01-01

Description

Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php.

Tags · CWE

XSS

CWE-79

CAPEC-63

CAPEC-85

CAPEC-209

CAPEC-588

CAPEC-591

CAPEC-592

Affected products

Maian_support

CVSS vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Timeline

2008-01-01

Published

2008-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: P

Partial

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.011 · p60

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Maianscriptworld

Maian Support

Product	Vendor	Status
maian_support	*	Tracked

Source databases

CVE