Unrated severityNVD Advisory· Published Apr 30, 2008· Updated Apr 23, 2026
CVE-2008-2011
CVE-2008-2011
Description
Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI.
Affected products
1- cpe:2.3:a:national_rail_enquiries:national_rail_enquiries_live_departure_boards:*:*:*:*:*:*:*:*Range: <=1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.