CyberSec.Space Logo
Back to CVE Browser

CVE-2008-0793

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile5.16th
PublishedFeb 15, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE.

Affected Platforms (CPE)

πŸ“¦
Tendenci

Cms

All versions

References & Advisories

πŸ”— http://blog.tendenci.com/2008/02/cross-site-scri.html
πŸ”— http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html
πŸ”— http://secunia.com/advisories/28882
πŸ”— http://www.securityfocus.com/bid/27782
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/40477
πŸ”— http://blog.tendenci.com/2008/02/cross-site-scri.html
πŸ”— http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html
πŸ”— http://secunia.com/advisories/28882

Related Vulnerabilities

CVE-2005-400710.0

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization ch...

CVE-2005-376410.0

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uplo...

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2006-160410.0

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables tha...