Return to CVE list

CVE-2008-4447

4.3
Medium

CVE-2008-4447

cve@mitre.org
Modified
View on MITREFind on GitHub

Description

Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.

Exploits

324492008-10-01webappsPHP

H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities

By C1c4Tr1Z

References

cve@mitre.org
http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txt
cve@mitre.org
http://secunia.com/advisories/32086
cve@mitre.org
http://www.securityfocus.com/bid/31524
cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/45613
af854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txt
af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/32086
af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/31524
af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/45613