Unrated severityNVD Advisory· Published Apr 30, 2008· Updated Jun 16, 2026
CVE-2008-2011
CVE-2008-2011
Description
Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:national_rail_enquiries:national_rail_enquiries_live_departure_boards:*:*:*:*:*:*:*:*Range: <=1.1
- Range: <1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.