CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2075

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile44.35th
PublishedMay 5, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.

Affected Platforms (CPE)

πŸ“¦
Astrocam

Astrocam

= 2.5.0
πŸ“¦
Astrocam

Astrocam

= 2.5.1
πŸ“¦
Astrocam

Astrocam

= 2.5.2
πŸ“¦
Astrocam

Astrocam

= 2.5.3
πŸ“¦
Astrocam

Astrocam

= 2.5.4
πŸ“¦
Astrocam

Astrocam

= 2.5.5
πŸ“¦
Astrocam

Astrocam

= 2.5.5
πŸ“¦
Astrocam

Astrocam

= 2.5.6
πŸ“¦
Astrocam

Astrocam

= 2.5.6
πŸ“¦
Astrocam

Astrocam

= 2.5.7
πŸ“¦
Astrocam

Astrocam

= 2.5.8
πŸ“¦
Astrocam

Astrocam

= 2.5.8
πŸ“¦
Astrocam

Astrocam

= 2.5.8
πŸ“¦
Astrocam

Astrocam

= 2.5.9
πŸ“¦
Astrocam

Astrocam

= 2.6.0
πŸ“¦
Astrocam

Astrocam

= 2.6.1
πŸ“¦
Astrocam

Astrocam

= 2.6.2
πŸ“¦
Astrocam

Astrocam

= 2.6.3
πŸ“¦
Astrocam

Astrocam

= 2.6.4
πŸ“¦
Astrocam

Astrocam

= 2.6.5
πŸ“¦
Astrocam

Astrocam

= 2.6.6
πŸ“¦
Astrocam

Astrocam

= 2.7.0
πŸ“¦
Astrocam

Astrocam

= 2.7.1
πŸ“¦
Astrocam

Astrocam

= 2.7.2
πŸ“¦
Astrocam

Astrocam

= 2.7.3

References & Advisories

πŸ”— http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup
πŸ”— http://astrocam.svn.sourceforge.net/viewvc/astrocam/CHANGELOG?view=markup
πŸ”— http://astrocam.svn.sourceforge.net/viewvc/astrocam/v2.x/pic.php?r1=125&r2=126
πŸ”— http://secunia.com/advisories/30039
πŸ”— http://securityreason.com/securityalert/3852
πŸ”— http://www.securityfocus.com/archive/1/491513/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/28998
πŸ”— http://www.wendzel.de/?sub=showpost&blogid=5&postid=56

Related Vulnerabilities

CVE-2002-187410.0

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a...

CVE-2007-14267.8

The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via reque...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...