Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3712

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.

  • Published: Aug 19, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-3712
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mambo / mambo 4.6.2 4.6.2.x
mambo / mambo 4.6.5 4.6.5.x