4.3
CVE-2008-5056
- EPSS 0.33%
- Published 13.11.2008 11:30:01
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_id parameter to index.php.
Data is provided by the National Vulnerability Database (NVD)
Activecampaign ≫ Triolive Version <= 1.58.6
Activecampaign ≫ Triolive Version1.0
Activecampaign ≫ Triolive Version1.03
Activecampaign ≫ Triolive Version1.04
Activecampaign ≫ Triolive Version1.05
Activecampaign ≫ Triolive Version1.06
Activecampaign ≫ Triolive Version1.07
Activecampaign ≫ Triolive Version1.08
Activecampaign ≫ Triolive Version1.09
Activecampaign ≫ Triolive Version1.10
Activecampaign ≫ Triolive Version1.11
Activecampaign ≫ Triolive Version1.12
Activecampaign ≫ Triolive Version1.13
Activecampaign ≫ Triolive Version1.14
Activecampaign ≫ Triolive Version1.15
Activecampaign ≫ Triolive Version1.16
Activecampaign ≫ Triolive Version1.17
Activecampaign ≫ Triolive Version1.18
Activecampaign ≫ Triolive Version1.19
Activecampaign ≫ Triolive Version1.20
Activecampaign ≫ Triolive Version1.21
Activecampaign ≫ Triolive Version1.22
Activecampaign ≫ Triolive Version1.23
Activecampaign ≫ Triolive Version1.24
Activecampaign ≫ Triolive Version1.25
Activecampaign ≫ Triolive Version1.26
Activecampaign ≫ Triolive Version1.27
Activecampaign ≫ Triolive Version1.28
Activecampaign ≫ Triolive Version1.29
Activecampaign ≫ Triolive Version1.30
Activecampaign ≫ Triolive Version1.31
Activecampaign ≫ Triolive Version1.32
Activecampaign ≫ Triolive Version1.33
Activecampaign ≫ Triolive Version1.34
Activecampaign ≫ Triolive Version1.35
Activecampaign ≫ Triolive Version1.36
Activecampaign ≫ Triolive Version1.37
Activecampaign ≫ Triolive Version1.39
Activecampaign ≫ Triolive Version1.40
Activecampaign ≫ Triolive Version1.41
Activecampaign ≫ Triolive Version1.42
Activecampaign ≫ Triolive Version1.50.1
Activecampaign ≫ Triolive Version1.50.2
Activecampaign ≫ Triolive Version1.50.3
Activecampaign ≫ Triolive Version1.50.4
Activecampaign ≫ Triolive Version1.50.5
Activecampaign ≫ Triolive Version1.50.6
Activecampaign ≫ Triolive Version1.55.0
Activecampaign ≫ Triolive Version1.55.1
Activecampaign ≫ Triolive Version1.55.2
Activecampaign ≫ Triolive Version1.56.1
Activecampaign ≫ Triolive Version1.56.2
Activecampaign ≫ Triolive Version1.56.3
Activecampaign ≫ Triolive Version1.56.4
Activecampaign ≫ Triolive Version1.56.5
Activecampaign ≫ Triolive Version1.57
Activecampaign ≫ Triolive Version1.58.0
Activecampaign ≫ Triolive Version1.58.1
Activecampaign ≫ Triolive Version1.58.2
Activecampaign ≫ Triolive Version1.58.3
Activecampaign ≫ Triolive Version1.58.4
Activecampaign ≫ Triolive Version1.58.5
Activecampaign ≫ Triolive Versionunknown Updatebeta2
Activecampaign ≫ Triolive Versionunknown Updatebeta3
Activecampaign ≫ Triolive Versionunknown Updatebeta5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.528 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.