{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the \"add comment\" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "webalbum-photoaddc-xss(42893)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893"}, {"name": "3940", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3940"}, {"name": "20080605 WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded"}, {"name": "29580", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29580"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the \"add comment\" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "webalbum-photoaddc-xss(42893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893"}, {"name": "3940", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3940"}, {"name": "20080605 WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded"}, {"name": "29580", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29580"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.013Z"}, "title": "CVE Program Container", "references": [{"name": "webalbum-photoaddc-xss(42893)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893"}, {"name": "3940", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3940"}, {"name": "20080605 WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded"}, {"name": "29580", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29580"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2698", "datePublished": "2008-06-13T19:19:00.000Z", "dateReserved": "2008-06-13T00:00:00.000Z", "dateUpdated": "2024-08-07T09:14:14.013Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:web-album:webalbum:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "22CCD06B-0C63-41DA-8B60-5543BB1965D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the \"add comment\" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en photo_add-c.php en WEBalbum 2.0 y anteriores, permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) comment, (2) id o (3) category."}], "id": "CVE-2008-2698", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-13T19:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3940"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29580"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493143/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42893"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}