CVE-2008-1225

Published: 10/03/2008 Updated: 08/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a (1) mail message or (2) discussion board message. NOTE: this might overlap CVE-2005-1076.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webct webct 4.1.5.8

source: wwwsecurityfocuscom/bid/28107/info WebCT is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing an attacker to ...

CWE-79 http://marc.info/?l=full-disclosure&m=120471944119467&w=2 http://www.balupton.com/blogs/dev?title=webct_session_stealer_exploit http://www.balupton.com/documents/webct_exploits.txt http://www.securityfocus.com/bid/28107 http://secunia.com/advisories/29227 https://exchange.xforce.ibmcloud.com/vulnerabilities/41047 https://nvd.nist.gov https://www.exploit-db.com/exploits/31337/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1225

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect