VYPR
← All advisories
Unrated severityNVD Advisory· Published May 21, 2008· Updated Apr 23, 2026

CVE-2008-2398

CVE-2008-2398

Description

Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.

Affected products

36
  • Appserv Open Project/Appserv36 versions
    cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:*+ 35 more
    • cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:*range: <=2.5.10
    • cpe:2.3:a:appserv_open_project:appserv:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:1.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.4a:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.4a:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:appserv_open_project:appserv:2.5.9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.