4.3
CVE-2008-5056
- EPSS 1.07%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:59:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activecampaign ≫ Triolive Version <= 1.58.6
Activecampaign ≫ Triolive Version1.0
Activecampaign ≫ Triolive Version1.03
Activecampaign ≫ Triolive Version1.04
Activecampaign ≫ Triolive Version1.05
Activecampaign ≫ Triolive Version1.06
Activecampaign ≫ Triolive Version1.07
Activecampaign ≫ Triolive Version1.08
Activecampaign ≫ Triolive Version1.09
Activecampaign ≫ Triolive Version1.10
Activecampaign ≫ Triolive Version1.11
Activecampaign ≫ Triolive Version1.12
Activecampaign ≫ Triolive Version1.13
Activecampaign ≫ Triolive Version1.14
Activecampaign ≫ Triolive Version1.15
Activecampaign ≫ Triolive Version1.16
Activecampaign ≫ Triolive Version1.17
Activecampaign ≫ Triolive Version1.18
Activecampaign ≫ Triolive Version1.19
Activecampaign ≫ Triolive Version1.20
Activecampaign ≫ Triolive Version1.21
Activecampaign ≫ Triolive Version1.22
Activecampaign ≫ Triolive Version1.23
Activecampaign ≫ Triolive Version1.24
Activecampaign ≫ Triolive Version1.25
Activecampaign ≫ Triolive Version1.26
Activecampaign ≫ Triolive Version1.27
Activecampaign ≫ Triolive Version1.28
Activecampaign ≫ Triolive Version1.29
Activecampaign ≫ Triolive Version1.30
Activecampaign ≫ Triolive Version1.31
Activecampaign ≫ Triolive Version1.32
Activecampaign ≫ Triolive Version1.33
Activecampaign ≫ Triolive Version1.34
Activecampaign ≫ Triolive Version1.35
Activecampaign ≫ Triolive Version1.36
Activecampaign ≫ Triolive Version1.37
Activecampaign ≫ Triolive Version1.39
Activecampaign ≫ Triolive Version1.40
Activecampaign ≫ Triolive Version1.41
Activecampaign ≫ Triolive Version1.42
Activecampaign ≫ Triolive Version1.50.1
Activecampaign ≫ Triolive Version1.50.2
Activecampaign ≫ Triolive Version1.50.3
Activecampaign ≫ Triolive Version1.50.4
Activecampaign ≫ Triolive Version1.50.5
Activecampaign ≫ Triolive Version1.50.6
Activecampaign ≫ Triolive Version1.55.0
Activecampaign ≫ Triolive Version1.55.1
Activecampaign ≫ Triolive Version1.55.2
Activecampaign ≫ Triolive Version1.56.1
Activecampaign ≫ Triolive Version1.56.2
Activecampaign ≫ Triolive Version1.56.3
Activecampaign ≫ Triolive Version1.56.4
Activecampaign ≫ Triolive Version1.56.5
Activecampaign ≫ Triolive Version1.57
Activecampaign ≫ Triolive Version1.58.0
Activecampaign ≫ Triolive Version1.58.1
Activecampaign ≫ Triolive Version1.58.2
Activecampaign ≫ Triolive Version1.58.3
Activecampaign ≫ Triolive Version1.58.4
Activecampaign ≫ Triolive Version1.58.5
Activecampaign ≫ Triolive Versionunknown Updatebeta2
Activecampaign ≫ Triolive Versionunknown Updatebeta3
Activecampaign ≫ Triolive Versionunknown Updatebeta5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.606 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://activecampaign.com/support/forum/showthread.php?t=4554
http://holisticinfosec.org/content/view/93/45/
http://www.securityfocus.com/bid/32268
http://osvdb.org/49858
https://exchange.xforce.ibmcloud.com/vulnerabilities/46560