Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-0877

Published: 21/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 450
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Media Jukebox

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.

Vulnerable Product Search on Vulmon Subscribe to Product

jinzora media jukebox 2.7.5

Exploits

Exploit DB: Jinzora 2.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site T ...
Exploit DB: Jinzora 2.7.5 - 'ajax_request.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site ...
Exploit DB: Jinzora 2.7.5 - 'slim.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected sit ...
Exploit DB: Jinzora 2.7.5 - 'popup.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected s ...

References

CWE-79http://secunia.com/advisories/29023http://www.securityfocus.com/bid/27876http://securityreason.com/securityalert/3683http://www.securityfocus.com/archive/1/488326/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/31235/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook