Cross-Site Scripting Vulnerability in CruxCMS by Crux Software
CVE-2008-0700

Currently unrated

Key Information:

Vendor: Crux Software
Status: Cruxcms
Vendor: CVE Published:; 12 February 2008

🔔 Create Crux Software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-0700?

A cross-site scripting (XSS) vulnerability exists in the search.php file of CruxCMS version 3.0. This flaw allows remote attackers to inject arbitrary web script or HTML through the 'search' parameter, potentially compromising the security of the web application and its users. The origin of this information remains unverified, being compiled from third-party sources.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-0700 - Proof of Concept

References

http://www.securityfocus.com/bid/27588

vdb-entryx_refsource_BID

http://downloads.securityfocus.com/vulnerabilities/exploi...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Feb 12, 2008
👾
Exploit known to exist
Feb 12, 2008
Vulnerability published
Feb 12, 2008

CVE-2008-0700 Data

JSON