Unrated severityNVD Advisory· Published Nov 28, 2008· Updated Jun 16, 2026
CVE-2008-5264
CVE-2008-5264
Description
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:tornado:tornado_knowledge_retrieval_system:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tornado:tornado_knowledge_retrieval_system:*:*:*:*:*:*:*:*range: <=4.2
- (no CPE)range: <=4.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.