Unrated severityNVD Advisory· Published Jul 2, 2008· Updated Apr 23, 2026

CVE-2008-2967

Description

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.

Affected products

Yektaweb/Academic Web Tools
cpe:2.3:a:yektaweb:academic_web_tools:*:*:*:*:*:*:*:*
Range: <=1.4.2.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/30763nvdVendor Advisory
securityreason.com/securityalert/3959nvd
www.bugreport.irnvd
www.securityfocus.com/archive/1/493472/100/0/threadednvd
www.securityfocus.com/bid/29813nvd
exchange.xforce.ibmcloud.com/vulnerabilities/43178nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000