Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.
References 5 Total
- secunia.com: 30092 third-party-advisory
- exchange.xforce.ibmcloud.com: lifetype-newblogusername-xss(42228) vdb-entry
- securityfocus.com: 20080505 LifeType 1.2.8 mailing-list
- securityfocus.com: 29050 vdb-entry
- securityreason.com: 3879 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- secunia.com: 30092 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: lifetype-newblogusername-xss(42228) vdb-entryx_transferred
- securityfocus.com: 20080505 LifeType 1.2.8 mailing-listx_transferred
- securityfocus.com: 29050 vdb-entryx_transferred
- securityreason.com: 3879 third-party-advisoryx_transferred